Every time a major IT gaffe happens, someone pays. Perhaps someone misconfigured an AWS S3 bucket or failed to apply a critical software patch. If the outcome is bad enough, the company’s reputation and valuation could take a hit. If they do, who will be held responsible? It depends on the company’s culture and policies. Who should be held responsible? Perhaps someone else.
For example, the Equifax breach cost three executives their jobs, including the CIO, CSO and CEO. The CEO blamed a single IT staff member. While not all IT failures make headline news, they happen every day as the result of negligence, ignorance and sabotage.
Blame the IT staffer
When an IT professional is publicly blamed and shamed for an IT failure, the public relations machine’s job is to convince customers, shareholders, and the public that the problem has been resolved. While the IT staff member who caused the issue should be reprimanded, blaming everything on a single employee discounts the potential mismanagement factors that contributed to the issue. Still, the outcome of multimillion-dollar lawsuits may hinge on the actions of one individual.
“When I served as an expert on high-profile cases, it came down to the AWS guy, the woman who was programming or a guy enabling the server,” said Nick Kamboj, CEO of MBA admissions consulting firm Aston & James. “Fifteen to $20 million cases would hinge on what this individual did, what they were supposed to do. Did they follow somebody else's advice or were they using common sense and best practices? It's not the individual, it's more the ecosystem that has to change.”
Read the rest of this article on InformationWeek.