CEO Today. Governance, Accountability And Ownership Of Cybersecurity
30 April 2019
Peter Matthews, Metro CEO, in CEO Today discussing Governance, Accountability And Ownership Of Cybersecurity.
Governance, Accountability And Ownership Of Cybersecurity
In businesses, large and small, cyber anxiety is reaching epidemic levels. With crippling breaches, damaging fines, internal and external threats and careers on the line, CEOs need to champion effective cyber leadership. But what exactly does that look like?
The short answer is that cyber leadership looks like teamwork and feels like a culture of awareness and shared responsibility that travels right to the end of the organisational chart and back again. But short answers tend to disguise layers of knotty complexity.
Questions about who ‘owns’ cybersecurity are alive and kicking. We know the issue needs to be owned by the CEO and board of directors because they’re most likely to be sacked or fined if their company’s acts or omissions lead to a costly cyber incident. IT directors need to own it because they are responsible for procuring clever bits of tech. And given the role of employees in accidental or deliberate data leakage, HR must own their bit of the cybersecurity jigsaw too.
If that’s not complicated enough, we blur terms such as leadership, ownership, responsibility and accountability. And power-play between IT directors, data security managers, heads of HR and others leads to a fight for budget and a flight from responsibility that potentially constitutes a cyber risk in itself. So how can CEOs determine the best way forward?
To read more please go to the May 2019 copy of CEO Today Magazine.