Debate Intensifies Over CEO Accountability in Cybersecurity Breaches - IT Security News

A growing debate questions whether chief executives should be directly accountable when cyberattacks occur. Proponents argue CEOs must face consequences, including automatic dismissal after a major breach, while opponents warn the policy could hinder crisis management and create perverse incentives. The discussion is sharpened by Marks & Spencer’s 46-day online disruption and a 40% pay cut for CEO Stuart Machin after the breach and bonus scheme were scrapped.

Critics caution that breaches vary in method and speed, complicating uniform penalties and risking delayed disclosure. They argue that rapid containment and transparent communication are essential. Supporters contend predefined thresholds and tying resilience to executive pay would keep leadership accountable when it matters most.