The Cyber Buck Stops Where?

I get asked many questions; one of the most common is “Who should be responsible for cyber security in our organisation?” A perfectly reasonable and sensible question.

The easy answer will only get you so far, and that is “It is a board level issue.” This is very true and, in my opinion, vital for successful cyber security management, appraisal and deployment. Organisations need to put cyber security on their risk registers and adopt a regulatory framework to manage it.

Once the board buys into this idea, do we then simply hand cyber security over to the IT department? If that is all that is done, then I foresee problems. The IT department has a major role to play, but what about the facilities manager? They are often responsible for multiple Industrial Control Systems that are vulnerable to cyber attack. Surely cyber security is now part of their remit?

In many organisations, facilities management and the IT department are distinct and separate entities. Bridging these silos is one of the challenges to deploying effective cyber security. How this is overcome will vary from one organisation to another, but it will certainly need board level support.

It is known that over 90% of cyber attacks involve some form of human error or omission. Ask yourself this question: “Does my IT department have the skills and capacity to educate the entire workforce on how to mitigate social engineering attacks?”

In my previous blogs I have spoken about the need for a cyber security culture that promotes good cyber hygiene. Should we not, then, be putting basic cyber security training in our induction policies for new staff? So now cyber security widens its scope and falls under the remit of HR as well.

I feel that cyber security is similar to general Health and Safety. It is everyone's responsibility, though some areas, such as the IT department, have more complex duties and roles to play. In the same way, the accounts department needs specialist social engineering training and a high level of cyber hygiene to be truly vigilant. Indeed, every employee needs to be aware of cyber security and good cyber hygiene.

Once we begin to do this, we are taking steps to secure our organisations from cyber attack. There is no doubt in my mind that cyber security starts at the top, but it is part of everyone's duty to ensure good security.
Put simply, the buck stops with all of us.

Dr John McCarthy


Dr John McCarthy is a world-renowned authority on CyberSecurity strategy, development and implementation. He holds a PhD in CyberSecurity and eBusiness Development and is an internationally recognised author of a number of works discussing all aspects of CyberSecurity in the modern world.
