CEOs Are Accountable For Cyber Attacks

Uploaded on 2017-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

CEOs should be the ones responsible in case of a cyber-attack and a data breach in an organisation, according to a new report by Tripwire.

Polling Infosecurity Europe 2017 attendees on who should be held accountable in such a scenario, 40 percent said CEOs. CISOs are the second in line with 21 percent of answers, while 14 percent would blame the CIO.

Tripwire says CEOs should be aware of the "basic principles of security," and remembered the example of former Yahoo CEO Marissa Mayer, who forfeited her cash bonus following a breach.

However, CEOs shouldn’t be the only ones holding responsibility for cyber security. "Foundational security controls should be demonstrated from the board level all the way down to the workforce," the report states.
"Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organisation," said Tim Erlin, VP at Tripwire.
"Data breaches are a problem that the board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room."
"Nevertheless, even the most diligent organisations are still susceptible to attack, and to human error. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyber-attacks. The focus should be on a balance of tools and outcomes, and especially a balance between prevention and detection."

The report also said the Operations department struggles most with cyber-attacks, followed by finance, sales and marketing.

Beta News

You Might Also Read:

Cyber Security Checklist For Management (£):

 

« Top US Cyber Official Resigns
71% Of SMEs Unprepared For Cyber Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

Tactic Labs

Tactic Labs

Tactic Labs (part of the Avnon Group) delivers a holistic Cyber-Security Management Platform which provides military-grade protection, safeguarding critical infrastructures and mission-critical data.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Cyber News Live

Cyber News Live

Welcome to Cyber News Live (CNL), we are dedicated to keeping everyone safe online. We provide vital information.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.