By Chris Morrison, Workflow contributor
Cybersecurity has never been a more vital business issue. While the growth of cybercrime has been noted for years—in 2021 alone, one study found intrusions increased 50 percent from the year prior—trends like work-from-home, migration to cloud, and geopolitical instability have led to a qualitative spike in risk.
Weak cybersecurity can cost a business plenty. While the average cost of a breach across all company sizes and industries was $4.35 million in 2022, the largest breaches averaged $387 million when taking into account detection, response, regulatory costs, and lost business, according to a report by IBM. So it’s increasingly imperative that companies approach their cybersecurity organizational structure deliberately.
Yet doing so has become increasingly complex.
The challenge goes beyond the highly publicized cybersecurity talent shortage. It begins at the top, with the chief information security officer (CISO). Some companies still don’t have this role; those that do vary in how they establish its reporting structure and responsibilities, each trying different approaches based on their varied and changing attack surfaces.
In short, there is no one-size-fits-all structure to a cybersecurity organization. But several models that have emerged from the most-attacked industries point the way to one that communicates and acts effectively across all business levels. Here are the key roles for a strong cybersecurity operation built to keep an organization secure.