April 4, 2016 By Douglas Bonderud 2 min read

Who’s ultimately responsible for cybersecurity? It’s a critical question; according to Bloomberg BNA, 84 percent of businesses polled have adopted some kind of cybersecurity framework, and information security is quickly becoming a high-priority boardroom topic.

But there’s a problem: A new survey found that more than 90 percent of executives can’t read a security report, CNBC reported. More worrisome? Forty percent say they “don’t feel responsible” for the repercussions of a hack. Are execs passing the buck on cybersecurity responsibility?

Rolling Downhill

As noted by CNBC, many C-suite executives don’t feel prepared to handle a cyberattack but aren’t making the effort to become personally invested in the InfoSec process. Instead, they’re “handing this off to their techies, and they’re really just placing their heads in the sand right now,” said Dave Damato of security firm Tanium, whose company commissioned the recent survey along with Nasdaq.

With companies losing more than $400 billion a year to cybercrime, it’s impossible for executives to ignore the effects of bad security habits. However, since IT expertise isn’t part of the executive skill set, it’s often easier to delegate this responsibility downhill and focus on more pressing line-of-business tasks.

Opting out, however, comes with two significant risks. First is a complete absence of adequate protection. SC Magazine reported that 16 percent of all companies surveyed didn’t have any type of cybersecurity framework in place. If executives aren’t willing to invest time or money into the process, IT professionals will find other tasks to complete.

Another problem? CEOs and other high-profile executives are often on the hook as the public face of a data breach or loss. Shareholders want accountability, and “it wasn’t my job” isn’t a satisfactory answer.

Talking Up Cybersecurity Responsibility

Helping executives embrace cybersecurity responsibility requires a two-pronged approach. It starts with InfoSec professionals and CISOs improving data presentation and visualization at board meetings.

Tripwire put it simply: IT staff have trouble talking to management. This won’t be a terminal problem if they take a cue from other boardroom presenters and adopt a hits-and-highlights strategy — provide clear, actionable data without embellishment or excessive technical detail.

C-suite executives, meanwhile, need to re-evaluate their time investment since it’s not possible to pick up enough security knowledge simply by paying attention during presentations. Management must take some extracurricular initiative to learn critical IT terms, network vulnerabilities and potential repercussions.

If a breach occurs, CEOs who know exactly what happened, are part of the plan to fix the problem and who don’t pass the buck have a far better chance of keeping their title when the dust and data settles.

More from

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today