• CISOs: ‘Regulation responsibility is unclear’

    960 640 Stuart O'Brien

    Over half (56%) of CISOs agree that it is not clear within their organisations whose responsibility it is to manage and implement changes in order to comply with the latest regulations, putting organisations at risk. This is despite over two thirds (67%) claiming that keeping up with changing regulation is an ongoing challenge.

    Research conducted by cyber security solutions provider BSS, which explores ‘How CISOs can succeed in a challenging landscape’, also found that a further two thirds (64%) of the 150 UK-based information security decision makers surveyed agreed that regulations change before they have had a chance to successfully implement procedure.

    The research also found that regulations like GDPR, which was first implemented in 2018, are still a headache for CISOs, with two thirds (63%) agreeing.

    With the deadline approaching on newer regulations such as the Digital Operational Resilience Act (DORA), which comes into action on 17th January 2025, assigning responsibility for managing and implementing regulation must be addressed.

    Positively, 80% of CISOs agreed that regulatory compliance is a top priority for their company’s board. But while the priority is there for many, the technology oftentimes does not support it. A third (33%) of CISOs reported that they don’t feel like they have the technology stack required to excel in their role.

    In fact, only one in ten (11%) CISOs surveyed reported that their organisations approach to overall cyber risk management is both stable and flexible, allowing them to pivot and respond to opportunities and change, such as regulation.

    BSS Director, Chris Wilkinson said: “CISOs need to have a clear idea of where the responsibility for regulation lies in order to succeed in their role. Not complying with regulation leaves organisations at risk and ultimately it is the CISO who will answer to any penalties or cyber threats that come as a result of non-compliance with regulations. If CISOs are culpable then they also need to be in control.”

    Photo by Adam Nowakowski on Unsplash


    Stuart O'Brien

    All stories by: Stuart O'Brien