CISOs' ownership of cyber risk is debated: while CISOs have traditionally been viewed as scapegoats, many argue they must assert responsibility. Discussions highlight the need for CISOs to align with business strategies and to communicate risk impacts effectively to executives. Ultimately, risk is a shared responsibility across an organization, but CISOs should influence decisions and advocate for cybersecurity initiatives, despite potential limitations in authority. The role requires ongoing education of board members about cyber risks to enhance accountability and operational effectiveness.
https://cisoseries.com/how-much-cyber-risk-should-a-ciso-own/