The C-Suite and the Risk of Not Being CyberSecure Savvy
A recent article on CNBC showed that 40% of corporate executives surveyed feel they’re not responsible for cybersecurity. It referred to a survey conducted by endpoint company Tanium that noted: “More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack.” While that may not be too surprising, the article further quoted its CEO Dave Damato as saying “the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn’t feel personally responsible for cybersecurity or protecting the customer data.”
While in a previous blog post, we noted how of 85% of CIOs in the UK surveyed by Carbon Black, none believed they could be breached without them knowing.
We’re not here to tell anyone how to do their job; everyone needs to weigh the risks involved in their day-to-day operations. CEOs are more than aware of the threats their organizations may face, and they know how best to manage these threats. With that, CSO Online has compiled a short list of cases where data loss resulted in job losses, which we’ve excerpted below and added a few extra for good measure. We warmly recommend that C-Suite professionals carefully analyze the cost / benefit of becoming cyber-secure savvy, and making understanding their organization’s cybersecurity posture a priority.
Some of those who lost their jobs due to a breach include:
- Maricopa County Community College District, Arizona: The Director of the district’s information-technology department
- Texas State Comptroller’s Office: The company’s Comptroller , plus an undisclosed number of information security executives
- Utah State Department of Technology Services: Head of the state’s Department of Technology Services
- Ashley Madison: The founder and CEO , who voluntarily stepped down after the breach
- Target: The CEO, who was “forced to resign”
For further reading on this subject, see the following blog posts on executive responsibility for cybersecurity.