Why CEOs are to be blamed for Data Breaches?

Why CEOs are to be blamed for Data Breaches

Why CEOs are to be blamed for Data Breaches?

Data breaches take its place in headlines quite often now. We hear about major companies suffering massive data breach, exposing the personal information of millions of users. For example, MobiKwik’s (one of the prominent Indian payment service providers) data breach that exposed the personal information of 100Mn users have alarm bells ringing across regulators. According to a 2020 study by the Ponemon Institute and IBM Security, data breaches in the MENA region are known to be particularly costly affairs, with the average damage reaching $6.53 million. It is well above the global average incident cost of $3.86 million.

Also Read: Top 10 Data Breaches in the recent times

Once a data breach is discovered, companies spend a considerable amount of money determining its source. According to the 2017 Cost of Data Breach Study, it costs U.S. organizations an average of $1.07 million in order to detect a breach. While these post-breach activities are necessary in order to stop the bleeding, they pale in comparison to the cost of the attack itself. A key goal when handling a data breach is learning why it occurred so that you can hopefully prevent it from happening again. Data breach accountability and responsibility isn’t always easy to determine, but when a breach occurs companies spend big money to determine the cause.

Who in an organization is most likely to blame when a data breach occurs?

Businesses continue to realize that cybersecurity is more than an IT issue and it has a deep sway on their operational efficiency. A major data breach will ruin the bottom line, as well as cause huge risks to the company’s repute, how it is perceived by customers, partners and even its own employees. Hence It could no longer be left solely within the scope of the CIO and IT department. If top executives don’t properly address the potential risk a data breach could have on their organizations, that may finally result in being them shown the door.

When businesses don’t budget enough for IT security solutions, including big data encryption, the fault of the data breach can understandably fall on those who make the financial decisions. This can include anyone from business line managers all the way up to the CEO. Many companies believe that CEOs are to blame when a data breach occurs for two very important reasons. Primarily, CEOs are responsible for setting priorities within an organization. If a CEO decides that cyber security is not a high priority, that one decision could open up that company to a breach as a result. Also, CEOs are ultimately responsible for technological innovation at the company. They are often involved in determining which corporate data security partners the company selects and how to address cyber security threats.

CEOs have resigned or been replaced following several high-profile cyber-attacks. For example, Target CEO Gregg Steinhafel resigned in 2014 from his position after it was subject to one of the largest cyber-attacks compromising over 110 million payment cards. Chris Coonan, CEO of Landmark White group resigned amid “major reputational damage” caused by a cyber-attack that exposed the private data of bank customers,

In a survey conducted at Info Security Europe 2017 where security professionals were asked which company position was most responsible in the event of a company data breach. Of the respondents, 40% believed that the CEO would be first on the firing line, followed by the CISO (21%), “Other” (15%) and CIO (14%).

While accountability starts with the CEO and corporate board, cybersecurity is a shared responsibility across every function and level of an organization. Cybersecurity is a practiced culture within the organization that must start at the top. If management does not take cybersecurity seriously, neither will the front-line employees. You can have all of the latest tools in the world, but without human participation, the ROI of implementing them will never be fully recognized.


Implementing data breach management plans and prevention processes is more secure and useful than pointing fingers after the fact. If you’re looking to prevent unauthorized access to sensitive data and the hassle of a data breach, take a closer look at the cyber security services and solutions from 10xDS.

Talk to our expert Cybersecurity and IT Risk Assurance team to learn more about the solutions you should implement for securing your business.


Talk to our experts and identify opportunities for digital transformation

Ask our experts now