[Reading time: 43 seconds]
I advise the person who is being held accountable for cyber security, even though they are not cyber security is not their field of expertise.
In most of the firms I work with, this tends to be the COO or CEO.
So, when I was reading the findings of a survey by ISTARI of 37 CEOs, I was not surprised to read that 100% of the CEOs “felt accountable for cyber security”*.
As the report states, accountability means “being ‘the face of the mistake’.”
So what?
A cyber attack may succeed because it is highly sophisticated** or because some simple security defences are missing***.
It doesn’t matter.
The buck stops with the CEO.
As one CEO is quoted as saying:
“If anything goes wrong in cyber for whatever reason, customers will not excuse me because it is in an area I can say somebody else is looking after.”
So what?
If you are going to be the face of the mistake, and you are assuming someone else is looking after this, I recommend you invest a little bit of your attention to make sure it really is being looked after****.
* To be precise, the phrase that came to mind was ‘No sh**, Sherlock’!
** unlikely.
*** likely.
**** Just shout if you could use my help.