Yeshi Kangrang
When we think of who takes the risk with cybersecurity, it can help to think of a military mission. Who is taking the risk of its failure?
Is it the general back at headquarters? The overall responsibility, he (or she) would say, lies with him as commander. He is accountable to his men and superiors for the success of the mission.
Is it the colonel in intelligence providing information about enemy forces? If the information he (or she) provides is lacking and leads to the loss of troops or the failure to secure the target, he will carry a lot of the blame.
Is it the captain leading his (or her) troops into enemy territory? He will bear personal risk as well as responsibility for the men and women under his command.
Is it the troops who are following orders? They also are taking risk, especially if they have a chance to express concerns.
Surely, it is all of them. And the people taking the greatest risk are those who are putting their lives at risk.
Who Is Taking the Greatest Risk?
Who, then, is taking cyber risk?
Is it the board and top management, who are deciding how much scarce resource to invest in breach prevention, detection and response? Is it…
