Cybersecurity Is No Longer The Sole Responsibility Of IT Specialists 

While cybersecurity used to be a topic and responsibility reserved only for the IT team, we’re seeing the industry shift to a mindset of collective resilience: one where the entire company has a role to play when it comes to cybersecurity, and the weight of cyber risk or even a data breach doesn’t rest solely on the shoulders of the CISO.

While there’s still a lot to be done, there are positive steps being made towards more cross-industry collaboration, less pressure on the role of the CISO, and an opportunity not only for cybersecurity vendors to increase their business, but also for employees across the globe to gain a better understanding and appreciation for the importance of cybersecurity.

Rebalancing Responsibility 

Given the rising frequency of cyber-attacks around the globe, it’s not surprising to see a move to strengthen overall resilience. Cybersecurity is relevant to all industries, all businesses and all job roles, so business-wide resilience has to be a top priority. Despite challenges, the private and public sectors are working to spread the burden of cybersecurity, through education and awareness as well as regulations and policies.

The latest example of this is the new US National Cybersecurity Strategy from the Biden-Harris Administration, which plans to focus on “rebalancing the responsibility to defend cyberspace” and taking the burden away from individuals and small businesses. Although the implementation of these plans is not yet clear and there’s no certainty on what will change, the release of the strategy has prompted discussion around how to handle liability when it comes to a cyberattack. 

Preventing Burnout

It’s well known in the industry that CISOs are among those with the highest-pressure jobs, and that this often leads to burnout. A 2022 survey highlighted stress and burnout as the most significant personal risks CISOs are facing in their role.

Whilst CISOs will always have a responsibility for the cybersecurity of their business, organisations are engaging in cybersecurity more on the whole, meaning there’s better understanding from the C-Level as well as from employees across all departments. Accenture’s latest State of Cybersecurity report states that 70% of organisations include cybersecurity as an item for discussion in every board meeting.

The relationship between the CISO and the Board and leadership team impacts the overall approach to cybersecurity from the entire company. For example, the same Accenture report noted that CISOs in a group dubbed “Cyber Champions” were more likely to report to the CEO and the Board as well as have a far closer relationship with the CFO. What’s more, when it comes to budget authorisation, only 19% of those “Cyber Champions” had their budgets authorised by the CEO or the Board, meaning the majority had autonomy over what they spend their budget on. 

With increased recognition that cybersecurity is not the sole responsibility of one person or one team, we’ll hopefully continue to see the burden on CISOs reduced as well as more involvement and ownership from other senior leaders. 

The Opportunity For The Industry

As we see more businesses take note of cybersecurity, it’s likely there’ll also be a broader impact on other businesses in the market, including vendors. 

With the current economic and cost of living crisis, purse strings are being tightened across organisations. However, with awareness of the impact a cyber-attack or data breach can have on a business, and the relationship between CISOs and the C-Level getting stronger, it’s likely we’ll see more budget going towards cybersecurity solutions, with an emphasis on those that augment the job of the security team, as well as those that educate the wider business.

On the whole, a continued path to collective resilience, spreading responsibility for cybersecurity, is a positive sign for the industry. However, as hackers become ever more sophisticated and the frequency of cyber-attacks continues, it’ll be vital that cyber strategies remain agile and continue to adapt to an ever-changing threat landscape, and that everybody knows what role to play.

Emily Quick is Account Director and cybersecurity specialist at The PHA Group.
