Who should have the ultimate responsibility for cyber security - the CIO or the CISO?

25.3k views3 Upvotes19 Comments

Sort by:

IT & Strategy Advisor || Digital & Enterprise Architecture Consultant in Consumer Goods2 years ago

The ultimate responsibility of cyber security risk management lies with CISO. While cybersecurity is mostly related to attacks on IT assets, it beyond IT to OT as well. CISOs in many organisations also are responsible for managing potential cyber threats due to vulnerabilities that points in critical infra structure of Operational Technology (OT) that controls it.

Ideally CIO and CISO roles are generally peers in matured organisations for CISOs function to be more effectively. Typically, CIO reports into CFO or CEO depending upon organisation structure. CISO reports into CRO (Chief Risk Officer) or directly into CEO.

VP of IT in Media3 years ago

CIO of course…

CIO in Education3 years ago

CIO

CEO in Services (non-Government)3 years ago

CISO

Group Chief Information Officer in Construction6 years ago

Every single employee, all executives and board members

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

Have you experimented with any new team structures or compositions today that wouldn’t have been previously possible without AI?

Who are the biggest proponents of using AI software engineering agents in your organization? Pick all that apply.

CEO23%

CIO53%

CTO40%

Software department leadership 28%

Team leads30%

Software engineers/developers19%

Someone else (comment to share)

N/A — no plans to use AI agents for software engineering2%

View Results

What changes have you made to your team’s skill requirements and training to support an expanded security role? How do you avoid duplicating security team capabilities while building necessary competencies?

What do you expect to be your main area(s) of investment for data and analytics in the next fiscal year?

Talent30%

New technology67%

Existing technology45%

Process management20%

Something else

View Results

Who should have the ultimate responsibility for cyber security - the CIO or the CISO?

Sort by:

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

Have you experimented with any new team structures or compositions today that wouldn’t have been previously possible without AI?

Who are the biggest proponents of using AI software engineering agents in your organization? Pick all that apply.

What changes have you made to your team’s skill requirements and training to support an expanded security role? How do you avoid duplicating security team capabilities while building necessary competencies?

What do you expect to be your main area(s) of investment for data and analytics in the next fiscal year?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Building Inclusion into DEI strategy: Insights from HR Leaders

How Do Cybersecurity Leaders Address Employee Burnout?

Building an Effective Executive Succession Plan

Software Engineering Teams Plan to Scale Up Productivity

Take Your Insights On-the-Go