A cybersecurity governance program is only as strong as its weakest link.
At a large financial institution, several employees did not like how long it took IT to respond to technology and data access requests. They started creating their own spreadsheets to track data used to make their decisions. This “shadow” production data and IT operation lacked controls, backup, and security. Moreover, the organization’s lack of IT and security governance weakened its security program.