[Reading time: 17 seconds]

When a business thinks about cyber security, I know the focus is on technical security controls – Things like password policy, multi factor authentication, firewalls, and antivirus software.

These are important elements of a secure foundation.

But there are many non-technical elements that will truly decide whether a business can sustain a secure foundation.

One of the most important elements is ownership and accountability.

If there is no one within the business who knows that their neck is on the line if things go badly wrong because of a basic gap in your security defences, then the likelihood of the business drifting into an unsecure state is pretty high.

By comparison, when someone knows that their professional reputation is tied to the security of the organisation, they are far more engaged in finding ways to establish and sustain a secure foundation.

So, the question is:

Who is the person within your organisation who will be held accountable?*

And more importantly, do they know that it is them?

What gets measured owned, gets done.

* If you are uncertain, are you sure others don’t think it is you?