GDPR/NIS Directive Fines… it forces those who don’t do anything to at least do something?


Did you know that I recently informed — a few months ago — the Chair of the Board of a significant organisation that there was a major security risk on their infrastructure, and that it would put citizens’ data at major risk? I am still waiting for a reply. I thus still believe that some executives do not take Cyber Security seriously, and just want to sweep it away because it is too technical for them. So is there an increasing tension between the CEO and the CTO?

A chat

So a CTO and a CEO are glaring at each other across the boardroom table over the new EU regulations on security …

“Go do it!”, says the CEO,

“It’s not that easy, we need more investment!”, says the CTO,

CEO: “But will we sell more?” … CTO: “No, but it’ll stop us from being pin-pointed!”,

CEO: “I don’t understand!!” … CTO: “The auditors won’t be happy!!”


CEO: “I still don’t understand!! Who cares about our auditors. Just show them all that paperwork that I paid your team to…
Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
