Breaches hurt, incident management is a strategic security priority, and legal notification requirements are ramping up. But how does that translate into action, and are firms learning from mistakes?
Security heads have traditionally been treated a lot like premiership football managers. Reasons for success still mainly a thing of myth and conjecture. Sacked on the strength of a high profile loss, even when performance is incrementally improving.