Who's to blame for a data breach?

By Sooraj Shah

Following a recent security breach at JPMorgan Chase, UK’s Computing magazine states that it’s "no longer a shock when a huge company is hit by a crippling cyber-attack.” To find out who should carry the blame for a data breach – and how the issue should be addressed overall - the magazine spoke with the a number of industry executives, including Alexei Miller, Managing Director at DataArt, who believes it’s not all black and white.

“… there is a difference between who's accountable and who loses their job. CISOs or data protection officers may have clauses in their contracts that specifically state that they will be held accountable if the firm was to suffer a data breach, and that could put them at risk of losing their job even if they weren't to blame.

"The CISO, and likely the COO, [will] lose their job in the event of a large data breach, but they are not fully to blame," says Alexei Miller, managing director of global technology consulting firm DataArt.

"Guarding against cyber-theft in a large organisation is similar to guarding airports, only more complicated. We all take our shoes off and go through metal detectors. Now, imagine doing it 20 times a day. That would be infuriating, so short cuts would become necessary. Cyber-security is all about compromises with usability and customer service. The CISO is hardly to blame for those compromises," he suggests.

View original article (requires free registration) or download PDF.