It’s past time for all major companies certainly in the Fortune 500, but the advice carries on down into even midsized organizations to carve out a C-level role focusing solely on security. A CISO’s primary emergency responsibility would be to make sure a breach doesn’t play out a la Home Depot and Target. The CISO should be given both the authority and the budget to respond to breaches quickly and efficiently, without getting mired in bureaucratic reporting and red tape at least until the imminent danger passed and the breach was mitigated.”]
Source: https://www.csoonline.com/article/2684416/why-your-company-needs-both-a-cio-and-a-ciso.html