Who should have the ultimate responsibility for cyber security - the CIO or the CISO?

ArchitectureStrategy
25.3k viewscircle icon3 Upvotescircle icon19 Comments
Sort by:
IT & Strategy Advisor || Digital & Enterprise Architecture Consultant in Consumer Goods2 years ago

The ultimate responsibility of cyber security risk management lies with CISO. While cybersecurity is mostly related to attacks on IT assets, it beyond IT to OT as well. CISOs in many organisations also are responsible for managing potential cyber threats due to vulnerabilities that points in critical infra structure of Operational Technology (OT) that controls it.

Ideally CIO and CISO roles are generally peers in matured organisations for CISOs function to be more effectively. Typically, CIO reports into CFO or CEO depending upon organisation structure. CISO reports into CRO (Chief Risk Officer) or directly into CEO. 

VP of IT in Media3 years ago

CIO of course…

CIO in Education3 years ago

CIO

CEO in Services (non-Government)3 years ago

CISO

Group Chief Information Officer in Construction6 years ago

Every single employee, all executives and board members

Lightbulb on2

Content you might like

What is the biggest problem businesses will face in the next decade?

The pace of change72%

Unpredictability27%

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Do you think data stewardship should be a full-time job, or a role that is added onto an existing position?

Full-time job45%

Role added to an existing position45%

A mix of both10%

View Results

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?