Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 28 May, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Is the CEO to blame for a Data Breach? Infosec professionals have spoken!

by The Gurus
July 26, 2017
in Editor's News
Data Breach Cyber attack code
Share on FacebookShare on Twitter

The past year has seen attacks like Wannacry and Petya cause worldwide disruption, with countless data breaches harming household names. The damage to reputation, and increased public scrutiny, coupled with the average cost of a data breach now estimated at $3.62 million globally, can severely cripple a business to the brink of bankruptcy. So, if a data breach occurs, who is to blame? Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, conducted a survey at Infosecurity Europe 2017 to ask security professionals whose neck is most on the line if a company has a data breach.
Of the respondents, 40% believed the CEO’s were the first to be in the firing line if a company was compromised by a data breach, followed by CISO (21%), “other” (15%) and CIO (14%)[1]. Based on these results, CEO’s must be aware of the basic principles of security. We have already seen CEO’s accept responsibility for data breaches. Marissa Mayer, CEO of Yahoo, forfeited her cash bonus following a breach under her tenure.
However, the responsibility of understanding and implementing security should not solely fall on the CEO’s shoulders. Foundational security controls should be demonstrated from the board level all the way down to the workforce.
Tim Erlin, VP at Tripwire said, “Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organization. Data breaches are a problem that the board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room.”
“Nevertheless, even the most diligent organizations are still susceptible to attack, and to human error. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyberattacks. The focus should be on a balance of tools and outcomes, and especially a balance between prevention and detection.”
In addition to finding out whose neck was on the line from a data breach, Tripwire also uncovered which department security professionals felt struggled most with cyber security. Nearly a third (29%) thought the Operations department struggled with dealing cyber attacks. Departments chosen by security professionals included Finance (14%), Sales (13%), HR (11%) and Marketing (10%) found it difficult when handling cyberattacks[2].
Erlin added, “Companies must recognise the need for a cross-functional incident response plan. The worst time to plan for a cyber attack is after the incident has occurred, but this is what happens far too often. Security hygiene goes a long way toward making the attackers job’s difficult, as well as creating confidence in your company’s overall security, but incidents still occur and creating awareness of the incident response plan ahead of time will prevent panic, especially from the groups that don’t worry about these attacks on a daily basis.”
 
Survey Results:
 
[1] In your organisation, whose neck is most on the line if you have a data breach?
Results based on 350 responses:

  • 39.71% CEO
  • 20.86% CISO
  • 14.57% Other
  • 13.71% CIO
  • 6.00% CRO (Chief Risk Officer)
  • 3.71% COO
  • 1.43% CFO

 
[2] In your organisation, which department do you think struggles most with cyber security?
Results based on 350 responses to this question

  • 14% Operations
  • 43% Other
  • 00% Finance
  • 86% Sales
  • 14% HR
  • 43% Marketing
FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweet
Previous Post

Businesses must be savvy to mobile security threats as app adoption spikes

Next Post

'Virtual kidnapping' phone scams claim victim's family members have been abducted

Recent News

SnapDragon Monitoring scam advice

Tips to Protect Against Holiday and Airline Scams

May 25, 2023
Access Segmentation & Encryption Management from MyCena

New security model launched to eliminate 95% of cyber breaches

May 25, 2023
KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

May 25, 2023
Purple Logo, capitalised letters: SALT.

Salt Security Uncovers API Security Flaws in Expo Framework, Issues have been Remediated

May 24, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information