Cybersecurity » Blaming the CISO Is Counterproductive

Blaming the CISO Is Counterproductive


Holding the chief information security officer responsible after a company discovers a data breach sounds like a no-brainer. Not long ago the CEO bore the responsibility, but increasingly CISOs have become the scapegoat, often losing their jobs, and sometimes facing legal culpability. This creates a precedent that could put companies at greater risk, argues Sue Poremba, writing for Security Intelligence. The CISO isn’t always the one making decisions about which security systems a company needs. That’s usually someone higher up the management ladder with more clout but less technical know-how. Most data breaches and other cyber incidents are caused by employees who use weak passwords, or fall for phishing emails and social engineering attacks. Boards of directors and high-level executives want to show their stakeholders and customers that someone with the word “security” in their job title is held responsible, but ultimately this can make organizations more vulnerable to attack. Poremba shows how two recent, highly-publicized major cyberattacks: SolarWinds and Uber, fed this trend. There’s already a serious talent shortage in the cybersecurity field, she says, and making the CISO personally liable for breaches could cause fewer people in the security industry to move into leadership roles.

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Read this next

Legal Ops Need to Assess Their Information Governance Programs

The AI Executive Order’s Impact on the Healthcare Industry

President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and […]

14 Proven Tactics to Elevate Your Law Firm's Webinars and Drive Results

Cybersecurity Agency Warns About Hacking Collective

The Cybersecurity and Infrastructure Security Agency and the FBI have issued a […]

Understanding Quantum Security Essential In Mitigating Risk Of Newest Cyber Threat

Data Privacy and Reputation Concerns About Adopting AI

Reputational damage was the greatest source of concern about AI, followed by […]

Scroll to Top