Light Dark
November 10, 2015 By Douglas Bonderud 2 min read

Who’s responsible for enterprise cybersecurity? Historically, CIOs and CTOs were the ones tasked with protecting network resources and ensuring companies were as prepared as possible for a data breach. The evolving information security landscape, however, demands organizational change: C-suite executives are increasingly held responsible for any holes poked in IT security.

According to SC Magazine, that’s just the beginning: Companies must bring application developers in on the ground floor of security discussions to develop consistent practices and “align security priorities” across the enterprise. But what does this kind of team effort look like?

No Safe Seats in a Data Breach

According to the International Association of Privacy Professionals (IAPP), cybersecurity has just recently worked its way into boardroom discussions. In large part, the louder volume of InfoSec conversations stems from high-profile data breaches, which in turn led to serious lawsuits.

For example, Target is facing a shareholder lawsuit alleging that the company failed “to maintain proper internal controls” and mislead affected customers about the scope of the data breach. Wyndham, meanwhile, is under fire for supposedly failing “to take reasonable steps to maintain their customers’ personal and financial information in a secure manner.”

More than just the possible monetary and reputation loss here is the prospect of suddenly vacant boardroom seats. As noted by SecurityWeek, a recent survey found that despite the pressure faced by CISOs to secure corporate infrastructure, CEOs top the list of responsible parties because cybersecurity is now viewed as a “broader business issue.” It’s imperative, therefore, that boardrooms provide time and space for cybersecurity discussions before a data breach occurs.

From the Ground Up

Given the shifting nature of security threats, it’s critical for boards to get more involved and understand the scope — and limitations — of InfoSec efforts. In fact, “70 percent of execs want more oversight and participation from board members, chairpersons and CEOs for data breach preparedness,” SC Magazine stated.

While this is a welcome change, involving the boardroom only covers the last leg of the IT security race. To ensure consistent protection from code to commercial production, companies must also involve those on the front lines: application developers.

The SC Magazine article likened the process to building a house. While C-suite executives draft a blueprint of company strategy and long-term goals, turning paper plans into reality demands the expertise of highly skilled contractors — in this case, app developers. While CISOs, CTOs and CIOs help design policies and processes that ensure apps aren’t misused by employees and campaign for sufficient resources to address existing and upcoming security concerns, bringing devs into the process lets companies address problems at the code level.

Think of it like this: While it’s possible to go back and move walls or correct serious gaps in an HVAC system after a home is built, it’s much easier (and cheaper) to catch these problems during the construction process. Bringing devs on board helps ensure a secure build from the first line of code, meaning C-suites can focus on outside threats rather than inside issues.

Want better data breach preparation? Opt for a team effort: CIOs, CEOs, IT pros and application developers must communicate to control security risk.

 |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature