As data breaches continue, how can organizations protect their valuable information?
In 2013, 40 million credit cards and 70 million customer addresses, phone numbers and other personal data were stolen from the Target corporate systems. Three years later, data breaches show no sign of slowing, with LinkedIn and the IRS only two of the latest in a long list of organizations whose data has been compromised.
To avoid becoming the latest data breach statistic, organizations need to take concrete steps to prioritize security. One step organizations can take is making the CISO (or head of security) a direct report to the CEO, rather than reporting to the CIO. Although security falls under the IT umbrella, making the CISO and CIO peers helps ensure security considerations get an equal voice compared to other IT projects. If the CIO has the final word, determining the effective balance between IT operations, project deadlines and security could get slanted. It’s especially important to avoid this when security measures have the potential to slow down other IT projects.
Designating the CISO and CIO as peers may seem like a novel idea. But as security threats continue to evolve, reporting directly to the CEO will help the CISO ensure the company is ready to meet these challenges.