70 percent of cybersecurity leaders worry about personal liability
Stories of CISOs being held personally liable for cybersecurity incidents has negatively affected their opinion of the role for 70 percent of respondents to a new survey.
At the same time 34 percent in the study for BlackFog, of 400 IT decision makers across the US and UK, believe that the trend of individuals being prosecuted following a cyberattack was a 'no-win' situation for security leaders: facing internal consequences if they report failings and prosecuted if they don't.
On a more positive note the research also indicates that increased accountability has led to internal changes to improve cybersecurity practices within their organization. 44 percent of respondents state that their organization has already implemented processes to reduce their cybersecurity exposure, as a result.
The trend of cybersecurity leaders facing increased scrutiny and the potential of personal liability has made the board take cybersecurity more seriously according to 41 percent of respondents. This is higher amongst UK respondents, with 47 percent of security leaders in the UK agreeing it was given greater consideration as a result, versus 35 percent in the US. This has yet to translate into more resources though, as only 10 percent of all respondents say this has resulted in additional money devoted to cybersecurity.
Nearly half of all respondents (49 percent) believe that the potential for an individual to be prosecuted following a cyberattack would improve accountability and transparency amongst cyber professionals. This is higher for respondents in the US (55 percent) compared with those in the UK (43 percent).
When asked about the impact on the cybersecurity leaders of the future, however, only a small proportion of respondents 15 percent, believe that it will be a deterrent for IT professionals to become CISOs.
Dr. Darren Williams, CEO and founder of BlackFog says, "The role of the CISO is all about managing risk for the organization but, as regulations tighten, security leaders increasingly need to consider their own personal risk. High profile instances of individuals being charged will no doubt add to the pressures they feel but could also be a catalyst for Boards to support their leaders. Improvements to governance, clear lines of reporting and incident response procedures are vital, but this must be supported by allocated resources so that security leaders can implement the security measures they need."
You can read more on the BlackFog site.
Image credit: Khosrork/Dreamstime.com