As recent breaches suffered by Target and The Home Depot show, attacks are whole-company concerns. After an expansive breach, the company’s brand might burn, sales might tank, and loyal customers might leave — not to mention any fines or penalties the company might incur.
Preventing and mitigating such breaches is the CISO’s job. But a CISO’s stated responsibilities and real duties rarely align. Nearly 80 percent of the CISOs Deloitte interviewed said they spend significant time chasing buy-in from executives who view cybersecurity as a technical or compliance issue.
These attitudes can turn even strong enterprises into ticking time bombs. CFOs, in particular, need to realize that the CISO’s job isn’t to keep a particular financial figure in the black. It’s to prevent a catastrophe — and, if one occurs, to mitigate it — thereby keeping the entire company’s financial figures from running red.