[Reading time: 43 seconds]

I advise the person who is being held accountable for cyber security, even though cyber security is not their field of expertise.

In most of the firms I work with, this tends to be the COO or CEO.

So, when I was reading the findings of a survey by ISTARI of 37 CEOs, I was not surprised to read that 100% of the CEOs “felt accountable for cyber security”*.

As the report states, accountability means “being ‘the face of the mistake’”.


So what?

A cyber attack may succeed because it is highly sophisticated** or because some simple security defences are missing***.

It doesn’t matter.

The buck stops with the CEO.

As one CEO is quoted as saying:

“If anything goes wrong in cyber for whatever reason, customers will not excuse me because it is in an area I can say somebody else is looking after.”


So what?

If you are going to be the face of the mistake, and you are assuming someone else is looking after this, I recommend you invest a little bit of your attention to make sure it really is being looked after****.


* To be precise, the phrase that came to mind was ‘No sh**, Sherlock’!

** unlikely.

*** likely.

**** Just shout if you could use my help.