Published in MIT Sloan Management Review, this article argues that the responsibility to keep data safe must expand beyond the IT team.


Findings from interviews with 57 technology leaders suggest that cyber resilience is no longer exclusively the responsibility of the IT function. Rather, organisations need a more comprehensive approach, because data is becoming more pervasive across business functions. The organisation as a whole thus needs a plan for protecting data, which is becoming a key source of competitive advantage.



  • Data is becoming one of companies’ most important assets as they digitalise strategies, structures, and processes. Therefore, companies must ensure that their data is accessible, understandable, linked, trusted, and secured.
  • But data is no longer exclusively the responsibility of the IT department.
  • To achieve cyber resilience, companies must employ a cross-functional approach to data management, which involves several key roles:

    • Chief data officer: has overall responsibility for executive-level decisions about data management
    • Data stewards: reside in departments across the organization, reporting to the chief data officer
    • IT team: is the gatekeeper of data, defining data flows within the organisation and to external partners
    • Human resources: has data about work schedules, policies and employee requirements
    • Legal: coordinates with the CDO to ensure that vendors have agreements in place stipulating realistic response times in the event of a crisis.
    • Other consultants: help companies achieve cyber resilience in non-traditional ways. External cyber risk consultants simulate attacker and defender roles to spot vulnerabilities.
    • Machine Learning and AI: cyber resilience requires advanced algorithmic tools to analyse data, detect anomalies and make predictions


Why does this matter for businesses?


  • The article focusses on a specific and important but sometimes neglected element of cyber resilience: data. It’s the asset that needs to be protected from attacks.
  • But protecting that data and building cyber resilience can only be achieved through cross-functional collaboration, not in isolation by the IT team.
  • The insights of the article align well with ISTARI’s value proposition, which is to build cyber resilience.


Read the full article here (Note: Article is behind a paywall)