In most companies, both the CISO and the CIO are responsible for cybersecurity, which is becoming increasingly important to the efficient operation of any modern business. Clear and defined cybersecurity ownership can be crucial to a company’s security positioning.
According to a recent ISACA’s “State of Cybersecurity 2021” survey of about 3,700 global cybersecurity experts, nearly half (48%) of cybersecurity teams report directly to a CISO, while one in every four reports to the CIO. Despite the disparities in reporting connections, the survey indicated no significant differences in perspectives on increasing or decreased cyber-attacks, the ability to detect and respond to cyber-threats, or cybercrime reporting between the CISO and the CIO.
For factors such as the size of an organization, sector, and regulatory requirements, responsibility for cybersecurity problems might differ among CIOs and CISOs. Nonetheless, as cybersecurity gets more entangled with wider business factors, the question of who wears what form of cybersecurity ownership hat and why is becoming increasingly important.
CISOs vs. CIOs: Who is in charge of cybersecurity?
The CIO is primarily concerned with ensuring that the correct tools are used to enhance productivity, as well as identifying trends that affect the organization and finding new ways to use and create better technology. The CISO is responsible for proactively ensuring data security, integrity, and other related issues.
The responsibility of a CISO is often to look at security from an operational standpoint, protecting the company from cyber threats. However, a CIO is more concerned with incorporating security by design into a company’s broader tech stack and ongoing digital transformation projects in order to increase resilience, improve user experience, and increase efficiency.
The cybersecurity responsibilities of the CISO
Protecting vital information, such as customer data, employee data, and source code is a top priority. It’s critical to think about the big picture when it comes to security. This involves determining how to best manage any risks posed by third parties involved in the firm. In addition, the CISO is in charge of arming employees to the greatest extent feasible in order to make sure that they are prepared for and protected against security threats.
Current security measures need navigating the hybrid working era to protect the company. Since work is typically conducted without the protection of traditional on-premises equipment, it has been tempting for cybersecurity to place more restrictions on employees in the remote, work-from-home model of the previous 18 or so months. These security regulations and limits, on the other hand, were created for a time when remote working was the exception rather than the norm, and they should be seen through a fresh lens.
Cybersecurity should now be integrated into every aspect of a company’s operations, and it needs to be a top priority for everyone from the CEO to entry-level employees.
The cybersecurity responsibilities of the CIO
While the CISO is in charge of many aspects of cybersecurity on a day-to-day basis and in the future, in most businesses, the CIO, who reports to the CEO and the board of directors, takes the responsibility of all things associated with the IT infrastructure– which includes, tools, as well as threats. As a result, the CIO cannot completely delegate the duty to the CISO. Instead, they should maintain security strategy awareness and ensure that it does not jeopardize the organization’s broader strategy or vice versa.
Today’s CIOs are responsible for a wide range of security responsibilities, including availability, performance, budgeting, and project delivery on schedule. Every business unit inside an organization is enabled and supported by the CIO. As a result, they inherit each business unit’s information security requirements.
The job of the CIO is evolving to include a lot more than just administering traditional operations. It is increasingly involving the use of new technology to deliver digital capabilities to enterprises. Some of these technologies, such as how data is architected, can be unfamiliar to a business and pose potential risks. Hence, it is the responsibility of the CIO to be well-versed in the cybersecurity trends of any new technologies.
For more such updates follow us on Google News ITsecuritywire News.