Who Gets the Blame When a Hack Occurs ?

Who Gets the Blame When a Hack Occurs ?

If a company finds itself on the receiving end of a successful hack, you would think the IT department or the information security officer would be carrying the blame. This isn't the case anymore as the higher ups are calling other, more powerful people responsible.

A recent survey found that of businesses who have suffered a security breach, the chief executive officers (CEOs) are being held accountable. When surveyed, directors listed the following in order of who needs to accept responsibility for failed cyber security: CEOs, CIO, entire C-suite, CISO, and board members.

Why are the CEOs first on the list? Maintaining up to date security is expensive and requires a great deal of time and resources. If CEOs haven't made cyber security a priority, then they would be to blame for the breach that a business is facing. In these instances, the security officer and IT department would not have had the financing necessary to protect the company to the best of their ability.

With the increasing number of cyber breaches happening to businesses large or small, executives have started to take security more seriously. Of the business surveyed, the majority reported that conversation around internet security is present at almost all board meetings. An overwhelming number also reported they feel their company is not as well protected and secured as it should be. The damage that comes in the wake of a security breach is a concern that more than 70% of the surveyed businesses shared.

While businesses are reporting the shift of focus for who's to blame when things go wrong, the security workers do not share their thinking. Across the board, the people employed in information security positions see themselves as taking the brunt of the blame if a cyber attack happened to them. Security is a team sport yet security experts feel they'll be the ones singled out from the rest.

The pressure on CEOs is causing many businesses to shift their resources to cyber security, making that department stronger and more efficient. The best case scenario shows CEOs, board members, and chief information security officers working together to best protect the company from cyber breaches and hackers. In the event of a security breach, it will be interesting to see who really ends up on the chopping block.