Top

Cyber risk management: There’s a disconnect between business and security teams

February 7, 2019

Via: CSO

A few years ago, cybersecurity professionals often lamented that executives didn’t want good security; they wanted “good enough” security. This axiom reflected that many CEOs equated cybersecurity with regulatory compliance. If the CISO could check all the right PCI, HIPAA, or SOX boxes, cybersecurity concerns would be taken care of.

The “good enough” security attitude was an aversion for the cybersecurity crowd. CISOs who wanted to adequately protect corporate assets longed for a time when business executives would truly appreciate cyber risk and be willing to participate and fund cyber risk management efforts adequately.

Read More on CSO