What CISOs need to keep CEOs (and themselves) out of jail

2024-07-31 04:30

Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity breaches.

While cybersecurity budget growth slowed in 2022 and 2023 due to economic concerns, recent surveys of CISOs have reported strong growth in cybersecurity spending in enterprises.

For their part, CISOs know they have more security controls than they can manage: Tool sprawl and tool paralysis are known failings - line items for new cybersecurity controls are not the problem.

If more cash for new or expanded controls is not what's needed, what can CEOs give to CISOs to reduce risk and ultimately shore up the legal liability faced by the CEOs themselves?

CEOs would benefit from showing that they care about cybersecurity and adding metrics to company reports to demonstrate it is a significant concern.

CEOs that are serious about cybersecurity must prioritize collaboration with their CISOs and putting them in the rotation for regular meetings.

News URL

https://www.helpnetsecurity.com/2024/07/31/ceos-cisos-new-controls/

#CEO #ciso