In the last few decades, a significant shift in corporate hierarchies fundamentally altered how organisations operate. This restructuring began within Citibank in 1994 when, after falling victim to a large cyber security attack, the role of Chief Information Security Officer (CISO) was first created. Since then, the CISO role has grown exponentially in prominence. So much so that nowadays it is common to see even small, privately owned, organisations with a CISO or similar role in their executive team. With GDPR coming into force two years ago, many organisations assigned a Data Protection Officer. These indicate an important shift in business to give the protection of sensitive data more credence.
However, although cyber security roles may have increased in visibility over the last 20 years, there remains a proportion of enterprises which fail to take steps to fully integrate cyber security or information security professionals and teams into general operations. This failure can have catastrophic consequences.