Is the CEO to blame for a Data Breach? Infosec professionals have spoken!

Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, conducted a survey at Infosecurity Europe 2017 to ask security professionals whose neck is most on the line if a company has a data breach. We have already seen CEOs accept responsibility for data breaches.

Tim Erlin, VP at Tripwire said, “Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organization. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyberattacks. Departments chosen by security professionals, including Finance (14%), Sales (13%), HR (11%) and Marketing (10%), found it difficult when handling cyberattacks[2]. The worst time to plan for a cyber attack is after the incident has occurred, but this is what happens far too often. Security hygiene goes a long way toward making the attackers’ jobs difficult, as well as creating confidence in your company’s overall security, but incidents still occur and creating awareness of the incident response plan ahead of time will prevent panic, especially from the groups that don’t worry about these attacks on a daily basis.”

Survey Results:

[1] In your organisation, whose neck is most on the line if you have a data breach?

[2] In your organisation, which department do you think struggles most with cyber security? Results based on 350 responses to this question.
The past year has seen attacks like WannaCry and Petya cause worldwide disruption, with countless data breaches harming household names. The damage to reputation and increased public scrutiny, coupled with the average cost of a data breach now estimated at $3.62 million globally, can cripple a business and push it to the brink of bankruptcy. So, if a data breach occurs, who is to blame? Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, conducted a survey at Infosecurity Europe 2017 to ask security professionals whose neck is most on the line if a company has a data breach.

Of the respondents, 40% believed CEOs were the first in the firing line if a company was compromised by a data breach, followed by the CISO (21%), “other” (15%) and the CIO (14%)[1]. Based on these results, CEOs must be aware of the basic principles of security. We have already seen CEOs accept responsibility for data breaches. Marissa Mayer, CEO of Yahoo, forfeited her cash bonus following a breach under her tenure.

However, the responsibility of understanding and implementing security should not solely fall on the CEO’s shoulders. Foundational security controls should be demonstrated from the board level all the way down to the workforce.

Tim…
