Imagine the bank president walking through your door, telling you a former employee sold the bank's client list to a competitor, your bank has no legal recourse, and it's your fault because you did not write an information security policy to cover the situation.

It doesn't matter that information security was only one of many duties outlined in your job description. It doesn't matter that information security is an extremely complex problem. It doesn't matter that information security is not your area of expertise. What does matter is you didn't get the job done - and now you don't have a job.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.