CEOs not deemed responsible for cyber-security -- but they should be

Chief executive officers in the UK are still far from being considered responsible for keeping their organizations safe from cyberattacks, according to a new report by NCC Group. The report, which the risk mitigation and cybersecurity company just released, is based on a poll of 200 UK board of directors, where they were questioned on cybersecurity. Just 13 percent say the managing director was responsible for cyber risks in their company.

Also, just nine percent named the financial director. The biggest burden is still on the shoulders of CTOs and CIOs -- 52 percent. "Boards continue to pass the cyber buck by delegating accountability to technical leads likes CIOs and CTOs. Cyber security is the responsibility of the CEO and the main board as it is the most significant issue facing businesses today", comments Rob Cotton, CEO at NCC Group.

"To address this we have created a Cyber Security Committee, and as CEO, I personally sit on the committee and assess the performance of the Group’s internal security and defenses, reporting back on a monthly basis", adds Cotton.

To better promote board level ownership, NCC Group developed and released the Cyber Security Committee Toolkit -- offering documentation which can help other companies launch their own, similar committees.

"Boards fully discuss, report and become expert on accounting policies, health & safety, CSR and executive remuneration, however, this is not the case with a company’s most valuable assets: its data and information. It’s time to take control and be proactive", Cotton continues. "We’d welcome discussion with any company looking to set up a Cyber Security Committee".

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Photo Credit: Alexander Supertramp/Shutterstock