
Although information security and cyber-risk management is recognized as an enterprise-wide responsibility by many organizations, the information technology (IT) department still is seen as the front-line defense against information losses and other cyber-liability risks, according to an industry survey.

More than two-thirds of respondents say their organizations have a disaster-response plan in place in the event of a major breach. For 41 percent of respondents, the role of the IT department includes fulfilling state data breach notification laws following a breach.

The survey concludes that this may represent “a significant deficiency in emergency-response planning,” noting that the IT department often is not equipped to interpret notification requirements of dozens of states and to marshal the resources necessary to fulfill the requirements of each state following a major breach.

Sponsored by Zurich and administered by Advisen Ltd., the survey, “A New Era In Information Security and Cyber Liability Risk Management,” was conducted for one week, beginning Sept. 26, 2011, and ending Oct. 3, 2011.

The survey was designed to create a framework for identifying and addressing cyber risks throughout an organization and was completed, at least in part, by 503 respondents.

The majority of survey respondents recognize the entire organization is responsible for mitigating these risks. When asked, "Does your organization have a multi-departmental information security risk management team or committee?" 57.2 percent respond