Regulation responsibility is unclear claim CISOs

A third of CISOs agree that managing regulation is an ongoing challenge in their organisation, with lack of clarity on roles and responsibility compounding the issue.

Over half (56%) of CISOs agree that it is not clear within their organisations whose responsibility it is to manage and implement changes in order to comply with the latest regulations, putting organisations at risk. This is despite over two thirds (67%) claiming that keeping up with changing regulation is an ongoing challenge.

Cyber security solutions provider BSS’s research –which explores 'How CISOs can succeed in a challenging landscape’– also found that a further two thirds (64%) of the 150 UK-based information security decision makers surveyed agreed that regulations change before they have had a chance to successfully implement procedure.

The research also found that regulations like GDPR, which was first implemented in 2018, are still a headache for CISOs, with two thirds (63%) agreeing.

With the deadline approaching on newer regulations such as the Digital Operational Resilience Act (DORA), which comes into action on 17th January 2025, assigning responsibility for managing and implementing regulation must be addressed.

Positively, 80% of CISOs agreed that regulatory compliance is a top priority for their company’s board. But while the priority is there for many, the technology oftentimes does not support it. A third (33%) of CISOs reported that they don’t feel like they have the technology stack required to excel in their role.

In fact, only one in ten (11%) CISOs surveyed reported that their organisations approach to overall cyber risk management is both stable and flexible, allowing them to pivot and respond to opportunities and change, such as regulation.

Speaking about the new research, BSS Director, Chris Wilkinson said: "CISOs need to have a clear idea of where the responsibility for regulation lies in order to succeed in their role.

“Not complying with regulation leaves organisations at risk and ultimately it is the CISO who will answer to any penalties or cyber threats that come as a result of non-compliance with regulations. If CISOs are culpable then they also need to be in control.”

Zoho Corporation introduces Zia LLM and innovative AI tools, marking a new era in contextual AI...
AFL launches the DENALI platform, transforming data centers with modular design for AI environments.
xtype unveils a platform to bridge governance gaps in ServiceNow, enhancing compliance and...
Zendesk extends its analytics capabilities by acquiring HyperArc, aiming to provide GenAI-powered...
The Adaptavist Group reveals workplace AI implementation is deepening inequalities, with...
CyXcel's research reveals that a lack of trust in third-party vendors leaves UK businesses exposed...
AI adoption is transforming cybersecurity, reshaping roles, and influencing hiring, as highlighted...
Quest Software's new AI enhancement cuts down investigation time and addresses rising identity...