The business disruption caused by COVID-19 has created several new cyber risks for companies to manage. Cybersecurity is not merely about protecting assets and updating software; it is also about understanding who is responsible for predictions, preparation, process, and rectification when things go wrong. In this article at Information Age, Charlotte Walker-Osborn explains what organizations must do to protect their users and businesses, and who should be legally responsible for cybersecurity.
Legal Liability in Information Security
Globally, the IT industry has witnessed massive cyberattacks in the recent past. Cybercrime affects organizations through production loss, destruction and theft of personal and financial data, monetary loss, and reputational damage. So, who is legally responsible for cybersecurity? “Frequently, the actual security issue comes down to a human error in usage; for example, the user or employee not closing the conference call once the meeting is finished; weak passwords; or utilizing non-essential functionality, which is less protected,” says Charlotte.
Besides the end-users, management must also own cyber risk management. Many CEOs only want to invest in cybersecurity when they foresee that something will happen or can happen. This is especially true in small companies with a limited budget where there is no CIO, CISO, or IT director in place, and the CEO has limited knowledge of cyberattacks.
What Should Management Do?
True cybersecurity goes beyond just securing data and business systems. Leadership success lies in ensuring that the issue of cybersecurity has the right profile within the organization. If almost all links are secure, but one link is not, then all players in the chain are at risk from breaches. Business leaders must do more than simply be aware of cyber threats. Their focus must be on making sure that people, technology, and processes work harmoniously to mitigate risks posed by cybercriminals. Management must embed these principles in every activity of the business. To read the full article, click on https://www.information-age.com/taking-responsibility-for-cyber-security-truly-virtual-world-123489702/