October 25, 2017 at 2:00 PM EST

Are CISOs being hung out to dry?

Sure, the consequences of a high-profile data breach can be catastrophic. Think: financial loss, plummeting stock, lawsuits, customer churn, or criminal prosecution.

But are CISOs always to blame? Richard Clarke thinks the current knee-jerk reaction of ‘breach and blame’ is failing consumers and shareholders alike. His message for CISOs:

  1. Your security briefings are not strategic enough. Cyber security isn’t a technical conversation; it’s a board-level conversation about risk tolerance, financial consequences and strategic alignment.
  2. Your current breach response plan is wholly inadequate. The CISO role must evolve to coordinate a strategic response to data exposure or loss, not just manage technology and business process.
  3. Your current reporting path to the CIO is outdated. It’s time for CISOs to report directly to the CEO, and that means technical acumen alone isn’t sufficient expertise to get the job done.


Richard Clarke, CEO, Good Harbor

Richard is an internationally recognized cyber security and counterterrorism expert, author, and former adviser to three US Presidents. He has served in the White House, the Pentagon, the Intelligence Community and the State Department in various roles, including Special Advisor on Cyber Security, developing the country’s National Strategy to Defend Cyberspace and serving on the President’s Review Group on Intelligence and Technology.


Michael Harris, Chairman and CEO, BlueCat

Michael is an experienced executive successfully leading high-growth technology companies. Prior to joining BlueCat, he was the CEO of MKS, where he was responsible for redefining the ALM market, which culminated in the sale of the company to PTC. Prior to MKS, Michael held senior executive positions at Geac and SunGard.