Cybersecurity Is No Longer The Sole Responsibility Of IT Specialists 

While cybersecurity used to be a topic and responsibility reserved only for the IT team, we’re seeing the industry shift to a mindset of collective resilience. One where the entire company has a role to play when it comes to cybersecurity and the weight of cyber risk or even a data breach doesn’t rest solely on the shoulders of the CISO

While there’s still a lot to be done, there are positive steps being made towards more cross-industry collaboration, less pressure on the role of the CISO, and an opportunity not only for cybersecurity vendors to increase their business, but also for employees across the globe to gain a better understanding and appreciation for the importance of cybersecurity.

Rebalancing Responsibility 

Given the rising frequency of cyber-attacks around the globe, it’s not surprising to see a move to strengthen overall resilience. Cybersecurity is relevant to all industries, all businesses and all job roles, so business-wide resilience has to be a top priority. Despite challenges, the private and public sector are working to spread the burden of cybersecurity, both through education and awareness, as well as regulations and policies.  

The latest example of this is the new US National Cybersecurity Strategy from the Biden-Harris Administration, which plans to focus on “rebalancing the responsibility to defend cyberspace” and taking the burden away from individuals and small businesses. Although the implementation of these plans is not yet clear and there’s no certainty on what will change, the release of the strategy has prompted discussion around how to handle liability when it comes to a cyberattack. 

Preventing Burnout

It’s well-known in the industry that CISOs are among those with the most high pressure jobs, and that the result often leads to burnout. A 2022 survey highlighted stress and burnout as the most significant personal risks CISOs are facing in their role. 

Whilst CISOs will always have a responsibility for the cybersecurity of their business, organisations are engaging in cybersecurity more on the whole meaning there’s better understanding from the C-Level - with Accenture’s latest State of Cybersecurity report stating that 70% of organisations include cybersecurity as an item for discussion in every board meeting - as well as employees across all departments. 

The relationship between the CISO and the Board and leadership team impacts the overall approach to cybersecurity from the entire company. For example, the same Accenture report noted that CISOs in a group dubbed “Cyber Champions” were more likely to report to the CEO and the Board as well as have a far closer relationship with the CFO. What’s more, when it comes to budget authorisation, only 19% of those “Cyber Champions” had their budgets authorised by the CEO or the Board, meaning the majority had autonomy over what they spend their budget on. 

With increased recognition that cybersecurity is not the sole responsibility of one person or one team, we’ll hopefully continue to see the burden on CISOs reduced as well as more involvement and ownership from other senior leaders. 

The Opportunity For The Industry

As we see more businesses take note of cybersecurity, it’s likely there’ll also be a broader impact on other businesses in the market, including vendors. 

With the current economic and cost of living crisis, purse strings are being tightened across organisations, however with awareness of the impact a cyber-attack or data breach can have on a business, and the relationship between CISOs and the C-Level getting stronger, it’s likely we’ll see more budget going towards cybersecurity solutions, with an emphasis on those that augment the job of the security team, as well as those that educate the wider business. 

On the whole, a continued path to collective resilience spreading responsibility for cybersecurity is a positive sign for the industry. However, as hackers become evermore sophisticated and the frequency of cyber-attacks continues, it’ll be vital that cyber strategies remain agile and continue to adapt to an ever-changing threat landscape and that everybody knows what role to play.

Emily Quick is  Account Director and cybersecurity specialist at The PHA Group

You Might Also Read: 

Wanted - A New Generation Of Cyber Security Leaders:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Ransomware Gang Claims Responsibility For The Attack On Oakland
A 'Golden Pipeline' To Secure The Supply Chain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

Salviol Global Analytics

Salviol Global Analytics

Salviol Global Analytics is a leading provider of Fraud, Risk and Operational Performance Solutions to a number of vertical markets including Insurance, Banking, Utilities, Telco’s and Government.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.