The past year has seen attacks like WannaCry and Petya cause worldwide disruption, with countless data breaches harming household names. The reputational damage and increased public scrutiny, coupled with the average cost of a data breach now estimated at $3.62 million globally, can cripple a business and push it to the brink of bankruptcy. So, if a data breach occurs, who is to blame? Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, conducted a survey at Infosecurity Europe 2017 to ask security professionals whose neck is most on the line if a company has a data breach.
Of the respondents, 40% believed CEOs were the first in the firing line if a company was compromised by a data breach, followed by the CISO (21%), “other” (15%) and the CIO (14%). Based on these results, CEOs must be aware of the basic principles of security. We have already seen CEOs accept responsibility for data breaches. Marissa Mayer, CEO of Yahoo, forfeited her cash bonus following a breach under her tenure.
However, the responsibility of understanding and implementing security should not solely fall on the CEO’s shoulders. Foundational security controls should be demonstrated from the board level all the way down to the workforce.