What CISOs Need To Keep CEOs (And Themselves) Out Of Jail
HelpNet Security, Wednesday, July 31st, 2024
Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity breaches.
Considering the changes in the Cyber Security Framework 2.0 (CSF 2.0) emphasizing governance and communication with the board of directors, Sullivan is right to assume that liability will not stop at the CISO and will likely move upwards.
In his essay, Sullivan urges CEOs to give CISOs greater resources to do their jobs. But if he's talking about funding to purchase more security controls, this might be a hard sell for CEOs. Cybersecurity budget growth has consistently outpaced general IT spending. While cybersecurity budget growth slowed in 2022 and 2023 due to economic concerns, recent surveys of CISOs have reported strong growth in cybersecurity spending in enterprises.