If a security breach affects your organization, your main focus may be to solve the problem as quickly as you can, not point the finger in blame. But your customers want to know why it happened and who was responsible, even if the breach occurred because of their own lax security measures (e.g., sharing passwords or opening suspicious emails). In fact, a recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?
If an organization doesn’t budget enough for security solutions, the fault will likely be placed on whoever makes the financial decisions, stemming from the CEO. In fact, 29 percent of IT decision-makers who took part in a recent VMware survey thought that the CEO should be held responsible in the event of a large-scale data breach.
If a data breach occurs even after your company adequately budgets for cyber security solutions, 21 percent of IT security professionals surveyed would still hold your CISO accountable in the event of a data breach.
According to a 2014 report, 95 percent of cyber security incidents are due to human error. That’s why personnel who manage IT security on a regular basis are easy targets for blame.
While accountability may start with the CEO and board of directors, everyone in your organization should take responsibility for cyber security. Even if you have the most modern cyber security technology, its return on investment will be nonexistent without full employee participation.