Business leaders are responsible for everything that goes on in the business – good and bad. No wonder that according to a new research 35% of UK consumers see a business leader as personally responsible for a cyber breach when such occurs.

The UK government, via its Online Harms legislation, has proposed stricter punishment for tech firm chief executives who fail to protect users data.

What catches my mind though, is what do the remaining 65% of the questioned individuals think…

Who in their eyes needs to take responsibility for cyber attacks? The chief information security officer who may wish to do more but acts in a certain business environment and culture and many times suffers from insufficient resources? The risk, compliance or internal audit teams for not identifying the gaps in preparedness for a breach or not raising a ‘red flag’, or maybe the external consultants who came in, delivered their service and created the impression of ‘business as usual’?

I have my own opinion about that. What about you?