SoylentNews is people

posted by cmn32480 on Tuesday April 12 2016, @11:16PM
from the need-to-fix-their-little-red-wagon dept.

Now this is scary. CNBC has a story posted: Execs: We're not responsible for cybersecurity. The story was posted on April 1, but I do not think this is a joke.

More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.

More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq.

"I think the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn't feel personally responsible for cybersecurity or protecting the customer data," Damato told CNBC's "Squawk Box". ...

"As a result they're handing this off to their techies, and they're really just placing their heads in the sand right now," he said.

I suppose I should not be surprised, but I find it absolutely appalling that there could be this level of active ignorance at such a high level in an organization. What would it take to make said "leaders" actually care about security?

Current practices of providing a year or two of credit monitoring seem woefully inadequate compensation. What if the affected company had to make an actual cash payout of, say, $500 to every person who had their personally identifiable information (PII) compromised? Treble that amount if the notification is not "timely"?


  • (Score: 2, Troll) by Dr Spin on Wednesday April 13 2016, @07:23AM

    by Dr Spin (5239) on Wednesday April 13 2016, @07:23AM (#331038)

    Actually, yes they do get off in most cases.

    What is needed, is a firm legislative reinforcement of the position that
    (especially) in a limited liability "If a crime is committed by the organisation - the
    liability of the directors is completely unrestricted. The directors are jointly and
    severally liable for everything that the organisation (ie ANY and ALL employees) has done
    unless it can be shown that they actively took all steps available to them as individuals.

    IE "I did not know it was going on" is proof of guilt. You are employed to know, that is
    what your job IS, and if you did not know, then you were not willing or able to do the job.
    If you fail, you should be banned from being a director - in addition to the full penalty for
    whatever was done.

    I speak as a company director. This is what I was taught the rules are (or were, 30 years
    ago).

    It is also my understanding that society allows me to incorporate a company because it
    is in society's interest. If it is not in society's interest for the company to operate (or company
    is wilfully operating against society's interests) then society should be free to dissolve the
    company. (EG Pharma companies taking decisions to discontinue products leading to
    death of patients who need the medication). If the law does not say this, it would be
    easy to change it - subject to voters taking responsibility for who they vote for.

    No, I do not support the "fight for the right to be exploited" party.

    --
    Warning: Opening your mouth may invalidate your brain!
  • (Score: 4, Insightful) by frojack on Wednesday April 13 2016, @06:51PM

    by frojack (1554) Subscriber Badge on Wednesday April 13 2016, @06:51PM (#331248) Journal

    "If a crime is committed by the organisation - the
    liability of the directors is completely unrestricted. The directors are jointly and
    severally liable for everything that the organisation (ie ANY and ALL employees) has done
    unless it can be shown that they actively took all steps available to them as individuals.
    IE "I did not know it was going on" is proof of guilt.

    So nothing bigger than a Mom and Pop corner grocery store could exist in your special little world then, right?

    Because if some pimply faced kid spits in a burger he is frying for his rival, the CEO goes to jail because
    he is obviously guilty of not personally supervising that pimply faced kid, and all the other 250,000 employees.

    Sorry, but you are delusional. That world has NEVER existed other than the person to person barter world.
    I'm guessing you're about 14 years old, never held a job, never employed anyone, and sure as hell never ran
    a business.

    The very reason corporations exist since Roman times ~527 AD, is because civilization has learned that nothing of size can exist based on the work of a single individual, or even a small group, where each individual is 100% responsible. Sooner or later you have to employ someone else.

    --
    No, you are mistaken. I've always had this sig.