As calls for breach accountability across industries grow louder, and the government introduces new cybersecurity initiatives, frustrated security experts say change will only occur when lawsuits from shareholders hold C-level executives and boardrooms accountable for lax security practices.
While agreement on what “good enough security” entails is hard to come by, chief information security officers can take actions to mitigate the security and risk tradeoffs that can result from business decisions, to make their organizations less vulnerable to security threats.