The responsibility of managing and overseeing the cyber risk in an organization must sit at the executive level
To be most effective an organization must have a person providing leadership and oversight in the strategic planning, execution, and assessment of security strategies, policies, procedures and guiding practices. Ensuring compliance with legal obligations in respect of information and information security is also a key responsibility.
More commonly the role of the Chief Information Security Officer (CISO) is emerging. Organizations that had previously not identified the need for a CISO need to re-evaluate this as a priority. It is also crucial this role has independence from IT and has a direct reporting channel into the board. This position indicates the organization is taking a formal approach to monitoring cyber threat risk with regular updates and board oversight.
Cyber-attacks could cause severe disruption to a company’s business functions or operational supply chain, impact reputation, compromise customer information or result in loss of intellectual property.
You can read the full article on Information Age here.