Have you ever "whitewashed" a real security risk?

Leadership Security & GRC

Yes, on my own11%

Yes, because I was asked38%

No, but I have been asked18%

No, and never been asked31%

1096 PARTICIPANTS

7.3k views1 Upvote13 Comments

Sort by:

IT Manager in Construction2 years ago

Well, my feedback and voce is NO.
I know and I am aware of the chain of responsibility but even when enforce for a compromise, I never did it.
The classic example is the MFA 😉

CIO in Education4 years ago

No, I have not.

Director in Software4 years ago

At some point I have been instructed to not enforce a software policy that could open the door to real risks.

CISO in Services (non-Government)4 years ago

The security risk will always be there. There are mitigating strategies and they work to reduce the impact or the likelihood. When we are given resources to mitigate the risk, or assured, we can whitewash the risk. It is not that I have done it but as a hypothesis, it can happen.

Director of IT in Manufacturing4 years ago

Whitewashing anything is a huge no-no, especially security or safety items.

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What are your IT resolutions for 2026?

To what extent are organisations actually realizing measurable value from AI-enabled capabilities in GRC platforms, and to what degree is embedded AI now viewed as a core, expected feature in GRC tool selection rather than a nice-to-have add-on?

Have you used the MyCISO platform?

Yes - would recommend40%

Yes - would not recommend40%

Yes - other5%

No15%

View Results

With the implementation of AI tools happening at breakneck speed, (or certainly seemingly so) if you could give ONE piece of advice about implementing AI Agents, what would it be?

Focus on a specific business problem14%

Start small and iterate36%

Invest in proper training and change management33%

Prioritize data quality and governance17%

Other (please specify)

View Results

Have you ever "whitewashed" a real security risk?

Sort by:

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What are your IT resolutions for 2026?

To what extent are organisations actually realizing measurable value from AI-enabled capabilities in GRC platforms, and to what degree is embedded AI now viewed as a core, expected feature in GRC tool selection rather than a nice-to-have add-on?

Have you used the MyCISO platform?

With the implementation of AI tools happening at breakneck speed, (or certainly seemingly so) if you could give ONE piece of advice about implementing AI Agents, what would it be?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go