Does cyber security fall under CEO, CISO or IT?

Does cyber security fall under CEO, CISO or IT?



Although business leaders are aware of the need to secure their companies against cyber threats, the ultimate responsibility for security usually lies with IT management.

A recent survey of 225 companies worldwide by research firm Gartner found that in 85 percent of organisations, the CIO or IT manager on the one hand or the CISO (chief information security officer) is the highest responsible manager for cyber security.

In 57 percent of cases, the CIO, IT manager or person in a similar position is responsible. In 28 percent of cases, it is the CISO. Only 10 percent of organisations placed the accountability with non-IT senior managers, and with a person with a different profile in 5 percent of cases.

‘It’s not just about IT’

88 percent of management boards see cyber security as a business risk, rather than a technology risk, the survey found. At the same time, only 12 percent of management boards have a dedicated board-level cyber security committee.

“It’s time for executives outside of IT to take responsibility for keeping the business safe and secure”, says Paul Proctor, Chief of Research, Risk and Security at Gartner. “We saw an influx of ransomware and supply chain attacks in 2021, many of which targeted operational and mission-critical environments, and they should be a wake-up call that security is a business-wide issue, and not just a problem that IT has to solve.”

Building a secure future

The increase and acceleration of digitisation brings new cyber threats to our world. Interested in the future of cyber security? With keynotes from security experts like Mikko Hypponen, hacking experts like Tobias Schroedel and inspiring sessions from innovative and leading organisations, Cybersec Europe will be a 2-day all-round IT-Security event at Brussels Expo on 11 and 12 May. Register for free now.

Gerelateerde artikelen