Close Menu
The Financial News 247The Financial News 247
  • Home
  • News
  • Business
  • Finance
  • Companies
  • Investing
  • Markets
  • Lifestyle
  • Tech
  • More
    • Opinion
    • Climate
    • Web Stories
    • Spotlight
    • Press Release
What's On
Apple Confirms Apple Music Price Rise And The Reason Why

Apple Confirms Apple Music Price Rise And The Reason Why

July 17, 2026
Musical Chairs With Bank Capital Is A Fake Safety Net For Taxpayers

Musical Chairs With Bank Capital Is A Fake Safety Net For Taxpayers

July 17, 2026
Apple races past Nvidia to reclaim crown as world’s most valuable company

Apple races past Nvidia to reclaim crown as world’s most valuable company

July 17, 2026
The Three Questions Every Security Leader Should Ask

The Three Questions Every Security Leader Should Ask

July 17, 2026
Lindsey Graham Loved Ukraine. Why Must Americans Suffer His Love?

Lindsey Graham Loved Ukraine. Why Must Americans Suffer His Love?

July 17, 2026
Facebook X (Twitter) Instagram
The Financial News 247The Financial News 247
Demo
  • Home
  • News
  • Business
  • Finance
  • Companies
  • Investing
  • Markets
  • Lifestyle
  • Tech
  • More
    • Opinion
    • Climate
    • Web Stories
    • Spotlight
    • Press Release
The Financial News 247The Financial News 247
Home » The Three Questions Every Security Leader Should Ask

The Three Questions Every Security Leader Should Ask

By News RoomJuly 17, 2026No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn WhatsApp Telegram Reddit Email Tumblr
The Three Questions Every Security Leader Should Ask
Share
Facebook Twitter LinkedIn Pinterest Email

​Scott Sumner is chief information security officer at Dassault Systèmes.

When a company suffers a breach, the CISO is often the first person held responsible and, at times, not in a position to prevent it. The mismatch between what companies ask of CISOs and what they actually give them has been growing, and it often becomes a personal liability in the process.​

Security leaders are being asked to take on more accountability than ever before while receiving less structural support, less real authority and less legal protection than their peers in the C-suite. That gap can produce outcomes ranging from disengaged teams to criminal charges. Before any security leader can do their job effectively, they need to answer three key structural questions.​

Reporting Structure

​When the security leader reports to a CFO, CTO or CIO rather than directly to the CEO, security gets treated as a technical issue instead of a business function. Information gets diluted as it travels up through layers of management. People are reluctant to deliver bad news, and as a result, the CISO’s perspective can get filtered before it reaches the people with real decision-making power.​

In contrast, a CISO who reports directly to the CEO has a seat at the table when major business decisions are made. Consider a company about to spend a billion dollars acquiring another firm. A security leader with direct access to the CEO can surface the fact that the acquisition target was breached last year and that it cost them a hundred million dollars, in time for that to actually shape the decision. Without that access, the information may never reach anyone who can act on it.​

That said, title and hierarchy matter less than the independence behind them. Reporting structure can be arbitrary from one company to the next. What matters is whether the security leader has the autonomy to affect real change and whether they are genuinely connected to the organization’s business goals. A CISO who can be pressured into softening their assessment of risk is not in a position to protect anyone.​

Authority

The second question is whether the CISO has real authority to match their accountability. Security leaders are held accountable for outcomes, but they often don’t have the formal power to enforce standards. Think of it like a building inspector who can identify every code violation on a property but has no authority to stop construction. A risk assessment is only as valuable as the ability to act on it.​

When a new measure goes into place, will leadership support it? Or will complaints about security being a burden flow around the CISO directly to the CEO? The answer helps clarify whether authority is real or nominal. A combination of access, relationships and credibility creates real authority. A good security leader maintains strong relationships with other business leaders and earns the kind of support that makes enforcement possible. ​

Indemnification

Most C-suite executives, including CFOs and general counsels, are protected by corporate indemnification agreements that protect them from personal legal liability when they act in good faith. Many CISOs, however, are not. Regulators such as the SEC have begun naming individual security executives in enforcement actions, and that has become a serious financial and career risk to CISOs that the industry has been slow to reckon with.​

The case involving former Uber CSO Joe Sullivan made this concrete for many in the field. Until then, most people were not aware of the federal requirement that makes paying a cyber ransom without notifying the Department of Commerce a felony because of the potential risk of funding terrorism. That is the kind of exposure that can turn a good-faith decision made under pressure into a criminal matter.​

In practice, resolving the indemnification issue requires maintaining a close working relationship with the organization’s legal department. This doesn’t provide universal protection, but it provides a great deal. Understanding requirements and disclosure obligations, as well as ensuring that decisions are documented and legally informed, can keep managed risk from turning into personal exposure.​

A CISO’s primary obligation is to protect the business, but they can only do that if they are also protecting themselves. The word that ties everything together is trust. Security leaders have to trust their teams while verifying what they do. They build trust with the business by grounding every decision in business goals. They earn the trust of employees and customers through transparency and sound judgment. Trust built that way compounds over time and becomes the foundation of everything security leadership is supposed to accomplish.​

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Scott Sumner
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related News

Apple Confirms Apple Music Price Rise And The Reason Why

Apple Confirms Apple Music Price Rise And The Reason Why

July 17, 2026
Four Shifts Every Enterprise Must Make

Four Shifts Every Enterprise Must Make

July 17, 2026
How To Connect UX With Business Metrics

How To Connect UX With Business Metrics

July 17, 2026
AI’s Future Is Real, The Timeline Was Always The Hard Part

AI’s Future Is Real, The Timeline Was Always The Hard Part

July 17, 2026
How AI Is Solving The Knowledge Gap In Legacy App Modernization

How AI Is Solving The Knowledge Gap In Legacy App Modernization

July 17, 2026
Tired Of Building AI Agents? There’s A Simpler Way To Work Smarter

Tired Of Building AI Agents? There’s A Simpler Way To Work Smarter

July 17, 2026
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
Musical Chairs With Bank Capital Is A Fake Safety Net For Taxpayers

Musical Chairs With Bank Capital Is A Fake Safety Net For Taxpayers

News July 17, 2026

“Regulatory Arbitrage Within the Firm” by Dr. Nicola Cetorelli and Assistant Professor Shohini Kundu is…

Apple races past Nvidia to reclaim crown as world’s most valuable company

Apple races past Nvidia to reclaim crown as world’s most valuable company

July 17, 2026
The Three Questions Every Security Leader Should Ask

The Three Questions Every Security Leader Should Ask

July 17, 2026
Lindsey Graham Loved Ukraine. Why Must Americans Suffer His Love?

Lindsey Graham Loved Ukraine. Why Must Americans Suffer His Love?

July 17, 2026
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Our Picks
Chinese AI firm Moonshot unveils powerful model with capabilities close to Anthropic, OpenAI

Chinese AI firm Moonshot unveils powerful model with capabilities close to Anthropic, OpenAI

July 17, 2026
Four Shifts Every Enterprise Must Make

Four Shifts Every Enterprise Must Make

July 17, 2026
Ukrainian Ground Robots And Aerial Drones Assault A Russian Position

Ukrainian Ground Robots And Aerial Drones Assault A Russian Position

July 17, 2026
What Americans need to know

What Americans need to know

July 17, 2026
The Financial News 247
Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact us
© 2026 The Financial 247. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.