October 28, 2014

Why CIOs ‘should lead data breach responses’

But what big risk to data security are companies overlooking?

By Joe Curtis

CIOs are best-placed to co-ordinate reactions to data breaches, according to an HP-sponsored study.

More than half of 495 senior executives surveyed told the tech giant the chief information officer has the most responsibility to lead their company’s response to a cyber attack, compared to just 27% who picked the CISO.

HP Enterprise Security Services told CBR this reflected the firm’s recommendation to adopt a business-wide attitude to security, and said the CIO has a wider range of responsibilities than the CISO.

Security strategy head Richard Archdeacon said: "I think that is because you can get the pan-organisational view from that role. The CIO can span all of IT rather than just the security aspect, they would be in a better position to pull the strands together."

HP’s study, carried out by the Ponemon Institute, found that 85% of firms included the legal department in their incident response strategies, followed by compliance and IT divisions at 70%, with HR and finance both involved by 55% of companies surveyed.

Archdeacon said: "It’s about making an end to end approach to security. You have a whole series of people involved in participating in incident response planning, it’s bringing together all of those different threads."

Another 79% of respondents said it was crucial senior executives were involved in planning a strategy, and HP recommended drilling staff to test how ready a firm was for a cyber attack.

However, while eBay is being served with a class action lawsuit after losing an alleged 145 million customers’ details in a hacker breach back in February, HP highlighted the insider threat as an overlooked business risk.

"It’s the person in a position of trust who accidentally creates a breach by sending the wrong information out or putting a spreadsheet out mistakenly," warned Archdeacon.

While the ‘new style of IT’, such as cloud computing and BYOD, has made this risk more prevalent, he added, firms must educate their staff to ensure they act responsibly and avoid breaches caused by accidental human error.

"It’s not just looking at access and privileges but looking at how the data should be managed and issues like user awareness and user education," Archdeacon said.
