Cyber pros say the buck stops with the board when it comes to security failings
Briefly

91% of practitioners believe the burden for security lies with the board rather than security managers or CISOs. 56% believe senior management should face consequences, including fines, prosecution, and sanctions, for serious cybersecurity failings, while only 34% believe an employee who breached policy should be held responsible. The situation demands a more collaborative approach between boards and frontline practitioners, more learning for cybersecurity professionals, improved understanding of regulations, and better communication of risk to stakeholders outside the security function. Growing regulatory scrutiny from the EU AI Act, DORA, NIS2, and the UK's Data (Use and Access) Bill increases practitioner focus on compliance and minimum standards.
CIISec's recent State of the Security Profession report shows 91% of practitioners believe the burden for security lies with the board, not with security managers or CISOs. Notably, more than half (56%) said senior management figures should "face consequences", including fines, prosecution, and sanctions, for serious cybersecurity failings. Just 34% believe the employee who breached policy, where an employee did so, should be held responsible.
"If the buck stops with senior management - as the survey makes clear - our profession must take a more collaborative approach to security, ensuring the board is aware of the risks and included in major decisions," she said. "This means more learning for cybersecurity professionals, improved understanding of regulations and developing better communication of risk to stakeholders outside of the security function."
Read at IT Pro