Executive management is ultimately accountable for controlling risks. Executives must explain why major security breaches occurred. They must rebuild trust with the public. They also have to rebuild confidence with shareholders and regulators.
To be accountable means to face consequences for failure to act. Some organizations find it difficult to apply consequences to top leadership. Worse yet are organizations that identify so many leaders as accountable that, for all practical purposes, no one is accountable.
As a result, not all organizations are capable of holding their leaders accountable. Accountability can come from external forces such as:
- Public opinion—This can ...