CISO vs. COO: Who Should Own Security In The Next Normal

CISO vs. COO is one of the hottest topics in the CIO community right now. Check out this post to find out more.

The latest high-profile security breaches, including Goal, The Home Depot, and J.P. Morgan Chase, have affected businesses and stepped up the spotlight on data protection and the CIO’s duty to protect company information, with confidential client details at the top of the list.

Though corporate boards don’t monitor cyber threats themselves, they are taking a more active role in addressing cybersecurity abuses. Corporate boards may help mitigate consequences.

This ensures that the organization’s protection and response activities continue and that they change to cope with emerging challenges.

These measures can include reviewing the I.T. budget, stressing an incident response strategy, and evaluating when it was last checked.

The Board of Directors will and must play its part in ensuring that appropriate measures are taken to safeguard the company and its records, not least because of the criticality of the confidentiality of information.

Questions Arise

The particular concern is whether these duties should be the responsibility of the CIO.

Many CIOs have assigned cybersecurity duties to other company leaders, including the CHIO and Chief Risk Officer (CRO).

In other organizations, the CFO or COO has carried out cyber defense and passed it to direct reports. The CIO is most often expected to control cybersecurity, considering the role’s overarching responsibility for I.T./business technology and transparency around information security.

There are, however, strong reasons against direct cybersecurity oversight by the CIO.

In the first place, CIOs are responsible for a long list of duties, including day-to-day I.T. and company administration, I.T. control, I.T. management, infrastructure, and so on.


Enterprises are equally concerned with protecting confidential consumer, company, and operating information. There is also a clear argument that overseeing cyber protection calls for full-time attention and should be delegated to someone like a CISO.

If cybersecurity is delegated to a CISO, the role must shift as the person becomes more active. Many CISOs have either lacked control of dedicated security budgets or been insufficiently engaged in cybersecurity.

The cybersecurity unit has evaluated the performance of the organization’s information security policies over the last year. It also reports to a senior manager such as the CEO or CFO.

The CISO appraisal of real leaders in a 2013 survey shows that their organizations’ information security strategies are true.

As cybersecurity concerns facets of an organization’s day-to-day activities, some have suggested that information protection should be the responsibility of a COO.

Who should own the company’s cybersecurity? Please join the HMG Strategy Network conversation to express your views and your reasoning for which role should be given the duty.
