Who should have the ultimate responsibility for cyber security - the CIO or the CISO?


Chief Security Officer in Software, 10,001+ employees
CIO in Software, 501 - 1,000 employees

CISO unless the CIO has a very strong background in Cyber Security

CTO in Software, 11 - 50 employees


Chief Information Officer in Services (non-Government), 51 - 200 employees

The CISO with a direct line to CEO or BoD would be ideal.

CTO in Software, 11 - 50 employees
The entire company, including the Board
CIO and Startup Advisor in Software, 10,001+ employees

This is by far the best answer here...

Chief Security Officer in Software, 10,001+ employees

I’ll add to my original comment. If a company is mature enough then I still think the CISO, but in a lot of cases, depending on who has the most business/technology responsibility, it is usually the CTO or CIO. At my last 2 companies it has been the CTO.

CTO in Software, 11 - 50 employees

I don't understand the context around a company being mature enough, or not, for security to be a first-class citizen. That will never be solved by reporting structure, and security, as I at least previously implicitly said, needs to be embedded into the entire DNA of a company. Compliance != Security

Chief Security Officer in Software, 10,001+ employees

Completely agree Mike and I think that is what all security pros strive for, but that isn’t always the reality. However, some organizations just haven’t figured out the priority of security.

CISO in Retail, 1,001 - 5,000 employees

I also completely agree with Mike. No single position can consume ultimate responsibility for Cybersecurity. This is a risk that needs everyone and departments in the organisation collectively to prevent, mitigate, address and respond to. So the management board is ultimately responsible.

Group Chief Information Officer in Construction, 5,001 - 10,000 employees

Every single employee, all executives and board members

CEO in Services (non-Government), 201 - 500 employees
CIO in Education, 1,001 - 5,000 employees
VP of IT in Media, 201 - 500 employees
CIO of course…
