Who is responsible for cybersecurity in the enterprise? I have encountered widespread opinions depending on the type of organisation, culture and size, and two things stood out: the responsibility for cybercrime is not monogamous, and collaboration among stakeholders is key.
In fact, different organisations place the responsibility for cyber security at the feet of different roles, as a Global Economist Intelligence Unit survey found, confirming a variety of approaches to how leadership implements cybersecurity across their organisations.
In theory, the responsibility for cybersecurity is placed with the CTO or CISO, but it has far-reaching implications should disaster strike. With so many stringent data regulations such as GDPR and the Consumer Protection Act, or the newly enacted Cybercrimes Bill, it is not unheard of for CEOs and corporate heads to be dismissed after serious data breaches.
Poor security practices inevitably lead to financial loss and reputational damage, which affects the entire organisation’s bottom line and credibility. Trust and loyalty are hard to replace. The need for strong cybersecurity leadership has never been greater.
Our Integrated Management System (MSX) merges all organisational systems and processes into one common, cohesive framework that drives business excellence and ensures continual improvement. MSX enables business leadership to view management performance across business activities and assists leaders in making informed, actionable decisions.
In the survey mentioned above of over 450 companies across multiple industries, almost 40% of executives felt that the board should oversee cyber, compared with 24% who said it should be the role of a specialised cyber committee, CTO or CISO. Finally, a small portion of respondents believed it should be the responsibility of audit, risk or some other subgroup.
What can organisations do to instil more effective leadership concerning cybersecurity? Despite the differences of opinion, the Global Economist Intelligence Unit survey conveyed that stronger communication and collaboration are needed across the various cybersecurity functions and practices, and between the main board and the CTO or CISO leadership.
Security not only needs good stewardship across all departments in the organisation, but it can be built from the beginning into how businesses operate in the marketplace. The responsibility could fall upon the person or team who can best act on security recommendations, whether inside or outside the IT department.
The main challenge remains, though, the lack of communication among different leadership roles at the enterprise level. Only 8% of executives profiled in the research above said that their CISO or equivalent communicated the financial, workforce, reputational or personal consequences of cyber threats.
Cyber risk profiling remains a serious concern for organisations, alongside a lack of internal support, poor governance and security compliance, unreliable data, and vulnerabilities in security management systems or those identified through security audits.
Is your organisation protected against data security risks and cyber attacks?
MSX Cyber, part of the XGRC product range, helps organisations drive performance and compliance with its integrated information security management system, built on the ISO 9001 Quality and ISO 27001 Information Security frameworks.