Skip to main content
close search
site logo
Dive Brief

CIOs and CISOs no longer solely own cybersecurity responsibility

Published Oct. 31, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
CC0 Public Domain Free for commercial use No attribution required Pixabay

Dive Brief:

  • Spreading the responsibility of cybersecurity enterprisewide is one of the key steps to redefining cyber and how it's treated, according to William Evanina, director of National Counterintelligence and Security Center at the Office of the National Intelligence, while speaking at the Symantec Symposium in Washington Tuesday.
  • This is includes shifting sole responsibility away from the CIO or CISO while adding a chief risk officer to the C-suite. "Very few people own consequence right now," he said, but "we should all own consequence."
  • To better define cyber, first identify key assets, decide how they need to be protected and create a policy for guiding and upholding their protection, according to Evanina. To help this process, hire a chief risk officer to perform "tabletop" exercising twice a year, and cultivate a better public and private sector partnership.

Dive Insight:

Cybersecurity can't exist in a vacuum, whether at a company or government agency. Organizations can no longer relegate security to a support element; it is a mission critical element.

In the past, Evanina "didn't care" who his CIO was, he just wanted to his email to work. But that's changed. 

The CIO can't prevent every employee from clicking a malicious link, but they can encourage a more inclusive and holistic approach to cyber awareness in a company. The heads of HR and acquisition and procurement know employees and their behaviors, making these department heads primary liaisons for cyber awareness.

Investing in cybersecurity is a "harder pill to swallow because it's not a profit maker" for the private sector, said Evanina, but it costs more to disregard it.

Cyberattacks and other incidents like Nyetya and the CCleaner supply chain attack have largely outlived their relevance in the news. "My fear is they're no longer on the front page," said Evanina, "they're buried." This results in a lack of incentive to drive solutions to the point no solutions will be found.

Ultimately, when cybersecurity exists under the radar and off the front page, companies and governments will "become numb" to the loss of hundreds of millions of dollars in related collateral.

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell