Chief Information Security Officers (CISOs) now face a fresh challenge on top of intensifying cybercriminal activity and a regulatory tendency to hold executives individually accountable for security slips. There is mounting concern that their fellow top-level executives may scapegoat them in the event of a cybersecurity mishap.
In response, cybersecurity experts have started recommending that CISOs meticulously document all of their diligent attempts at ensuring security. This documentation should include suggested security investments that were declined as overly expensive. The idea is to establish a clear record of attempts to improve security, which could be useful in the face of potential blame.
Larry Whiteside, the CISO at RegScale, provides an illustration of this trend. Whiteside pointed out that sometimes top-level executives overlook funding for a crucial security fix, yet, ironically, it’s the CISO who bears the brunt when things go wrong. In all likelihood, these dynamics underscore the important but inherently challenging role that CISOs play in the corporate world.
For officers in such a significant position, it has never been more critical to keep their steps well documented. For corporations, the trend is a stark reminder of the necessity of putting cybersecurity considerations at the forefront of decision-making, rather than treating them as an afterthought that could result in scapegoating.
Learn more about this situation in the original article on Law.com.