Who should be held responsible for a data breach?

But when they do happen, usually board members, CEOs and shareholders all want someone’s head to roll. This leads us to a complex question: when there’s a data breach in an organization, whose fault is it?

The results of a new survey by Tripwire of 250 IT conference attendees say the responsibility lies with C-level executives.


When asked, “Who would be held responsible in the wake of a data breach on critical infrastructure in your organization?” 41 per cent of respondents said “CIO, CISO or CSO.” When asked, “Who should be held responsible in the wake of a data breach on critical infrastructure in your organization,” 35 per cent said “CIO, CISO or CSO.”

Interestingly, only 18 per cent of respondents believe the chief executive officer would be held responsible and only 10 per cent believe the company board would be held responsible.

In other words, it’s senior officials within IT who take the responsibility, not the executives who set their budgets, the employees who use the technology or even the rank-and-file IT personnel who do most of the groundwork.

“Cyber security liability is difficult to assign because you have to determine who knew about the risks, and then you have to figure out what they did, or did not do about them,” said Ken Westin, a senior security analyst for Tripwire.

“If the CEO is made aware of security risks and does not provide the resources or plans to fix them, they own some of the responsibility. On the other hand, if the CISO does not share information about risk in a format that the CEO can understand, or fails to deploy the security controls and monitoring necessary to identify potential risks, then a greater share of the responsibility falls on her. However, cyber security is a team sport that requires active support across the organization and from all levels of the executive team.”

So remember, all you C-level IT executives out there, more often than not it’s your head on the chopping block when it comes to data breaches.
