Who should have the ultimate responsibility for cyber security - the CIO or the CISO?

25.3k viewscircle icon3 Upvotescircle icon19 Comments
Sort by:
IT & Strategy Advisor || Digital & Enterprise Architecture Consultant in Consumer Goodsa year ago

The ultimate responsibility of cyber security risk management lies with CISO. While cybersecurity is mostly related to attacks on IT assets, it beyond IT to OT as well. CISOs in many organisations also are responsible for managing potential cyber threats due to vulnerabilities that points in critical infra structure of Operational Technology (OT) that controls it.

Ideally CIO and CISO roles are generally peers in matured organisations for CISOs function to be more effectively. Typically, CIO reports into CFO or CEO depending upon organisation structure. CISO reports into CRO (Chief Risk Officer) or directly into CEO. 

VP of IT in Media3 years ago

CIO of course…

CIO in Education3 years ago

CIO

CEO in Services (non-Government)3 years ago

CISO

Group Chief Information Officer in Construction6 years ago

Every single employee, all executives and board members

Lightbulb on2

Content you might like

Open Data with Open AI model22%

Private Data with Open AI model64%

Open Data with Private AI model9%

Private Data with Private AI model4%

View Results

Amount of data debt18%

Budget58%

Business strategy51%

Company size24%

Data/analytics architectures31%

Data sources30%

Data strategy29%

Industry12%

Operating model14%

Organizational structure9%

Technology stack17%

Other

View Results