Regulation responsibility is unclear claim CISOs

A third of CISOs agree that managing regulation is an ongoing challenge in their organisation, with lack of clarity on roles and responsibility compounding the issue.

  • 1 year ago Posted in

Over half (56%) of CISOs agree that it is not clear within their organisations whose responsibility it is to manage and implement changes in order to comply with the latest regulations, putting organisations at risk. This is despite over two thirds (67%) claiming that keeping up with changing regulation is an ongoing challenge.

Cyber security solutions provider BSS’s research –which explores 'How CISOs can succeed in a challenging landscape’– also found that a further two thirds (64%) of the 150 UK-based information security decision makers surveyed agreed that regulations change before they have had a chance to successfully implement procedure.

The research also found that regulations like GDPR, which was first implemented in 2018, are still a headache for CISOs, with two thirds (63%) agreeing.

With the deadline approaching on newer regulations such as the Digital Operational Resilience Act (DORA), which comes into action on 17th January 2025, assigning responsibility for managing and implementing regulation must be addressed.

Positively, 80% of CISOs agreed that regulatory compliance is a top priority for their company’s board. But while the priority is there for many, the technology oftentimes does not support it. A third (33%) of CISOs reported that they don’t feel like they have the technology stack required to excel in their role.

In fact, only one in ten (11%) CISOs surveyed reported that their organisations approach to overall cyber risk management is both stable and flexible, allowing them to pivot and respond to opportunities and change, such as regulation.

Speaking about the new research, BSS Director, Chris Wilkinson said: "CISOs need to have a clear idea of where the responsibility for regulation lies in order to succeed in their role.

“Not complying with regulation leaves organisations at risk and ultimately it is the CISO who will answer to any penalties or cyber threats that come as a result of non-compliance with regulations. If CISOs are culpable then they also need to be in control.”

On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Research unveils data-driven, condition-based device refresh approach, supported by...
Gartner, Inc. predicts that through 2027, Fortune 500 companies will shift $500 billion from energy...
2025 will see UK businesses undertake a major shake up of their IT and data practices, new research...
Study sees UK businesses placed lowest of ten countries for multi-year sustainability planning,...
70% of UK decision-makers place strong trust in AI technologies, but the vast majority (83%) are...
Software AG has found that half of all employees are using Shadow AI (i.e. non-company issued AI...
AVEVA has partnered with Vulcan Energy Resources and Oxford Quantum Circuits to advance business...