Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any security professionals within their top executive ranks.

The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is actually down from five of the Fortune 100 in 2018, the last time KrebsOnSecurity performed this analysis.

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

@briankrebs Conscious corporate policy or nobody wants the liability?
@michaelslade I guess there can be many reasons, but the two points made in the story include a lack of reporting by CSO/CISO to the board or someone other than IT, and the general lack of insurance coverage for CSO/CISOs.
@briankrebs My 2022 health plan, my 2023 health plan, and one of my credit unions have all had major security breaches since the end of last year. One of the health plans did not notify customers until several months after the breach.

@briankrebs Somewhere in my archives is an article I wrote for a magazine in 2001 indicating that security issues would never be solved until responsibility for it was assigned at the level of the board of directors. Obviously, it's never happened, and corporations continue to get what they deserve by not giving it the proper degree of respect. We should dig out the article.