Organizations are responding to heightened personal liability risks for Chief Information Security Officers (CISOs) due to new US and EU legislation. A study by Fastly revealed that 93% of organizations modified their policies in the past year, with many enhancing the role of CISOs and increasing scrutiny on cybersecurity documents. However, uncertainty remains about responsibility for incidents, as only 36% have clear roles defined. Fastly's CISO emphasizes that while legal protections are necessary, the focus should also be on fostering true accountability for better security practices.
It's encouraging to see the vast majority of companies making changes to liability disclosure given the inevitability of another worldwide outage that will put CISO accountability back into the spotlight.
CISOs do not make the final call on every decision. When it comes to security risks, the question a board should be asking is, 'Are we aligning the budget to address the risks the CISO has communicated to us?'