CEOs Are Accountable For Cyber Attacks

CEOs should be the ones responsible in case of a cyber-attack and a data breach in an organisation, according to a new report by Tripwire.

Polling Infosecurity Europe 2017 attendees on who should be held accountable in such a scenario, 40 percent said CEOs. CISOs are the second in line with 21 percent of answers, while 14 percent would blame the CIO.

Tripwire says CEOs should be aware of the "basic principles of security," and remembered the example of former Yahoo CEO Marissa Mayer, who forfeited her cash bonus following a breach.

However, CEOs shouldn’t be the only ones holding responsibility for cyber security. "Foundational security controls should be demonstrated from the board level all the way down to the workforce," the report states.
"Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organisation," said Tim Erlin, VP at Tripwire.
"Data breaches are a problem that the board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room."
"Nevertheless, even the most diligent organisations are still susceptible to attack, and to human error. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyber-attacks. The focus should be on a balance of tools and outcomes, and especially a balance between prevention and detection."

The report also said the Operations department struggles most with cyber-attacks, followed by finance, sales and marketing.

Beta News

You Might Also Read:

Cyber Security Checklist For Management (£):

 

« Top US Cyber Official Resigns
71% Of SMEs Unprepared For Cyber Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

Latvian Information & Communications Technology Association (LIKTA)

Latvian Information & Communications Technology Association (LIKTA)

LIKTA brings together leading Latvian companies, organizations and professionals in the field of Information & Communications Technology

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

NSEIT

NSEIT

NSEIT offers end-to-end Information Technology products, solutions and services including cybersecurity to organizations in the financial sector.

Styra

Styra

Styra allows companies to secure cloud environments and applications, including those built on the popular Kubernetes open-source cloud platform.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.