惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

人人都是产品经理
人人都是产品经理
D
Docker
GbyAI
GbyAI
B
Blog RSS Feed
博客园 - 司徒正美
博客园 - Franky
美团技术团队
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
aimingoo的专栏
aimingoo的专栏
C
Check Point Blog
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
AI
AI
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Tailwind CSS Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
S
Secure Thoughts
博客园 - 聂微东
L
LINUX DO - 最新话题
U
Unit 42
SecWiki News
SecWiki News
A
Arctic Wolf
Schneier on Security
Schneier on Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Visual Studio Blog
量子位
The Cloudflare Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
大猫的无限游戏
大猫的无限游戏
Google DeepMind News
Google DeepMind News
G
Google Developers Blog
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
博客园 - 【当耐特】
C
CERT Recently Published Vulnerability Notes
Scott Helme
Scott Helme
Last Week in AI
Last Week in AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Microsoft Security Blog
Microsoft Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
Latest news
Latest news

Fastly Blog

Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Six Common Live Streaming Mistakes (And How to Avoid Them) How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy AI Traffic Grew 6.5x Faster Than Human Traffic This Year Python SDK Beta: How the Language of AI Runs Faster and Safer with Fastly Give AI Agents the Markdown They Actually Want How to Configure Local Logging for an On-Prem Next-Gen WAF Agent Fastly Joins the Agentic AI Foundation (AAIF) to Guide Edge AI Interoperability The E-commerce Industry in the AI Era: Has the Agentic Flood Hit? No Margin for Error: What the FIFA World Cup Teaches Us About Performance at the Edge Why iGaming Infrastructure is Breaking and What Comes Next
Accountability Without Control Is Breaking Security Leadership
Marshall Erwin · 2026-05-20 · via Fastly Blog

The CISO has always been accountable for incidents. That hasn’t changed, and it shouldn’t. What has changed is this: we’ve increased accountability without giving CISOs more control.

The role has moved closer to the center of the business. CISOs are more involved in incident response, more exposed to board-level scrutiny, and more tied to regulatory outcomes.

On the surface, that looks like progress. Security is now treated as a business issue, not just a technical one. But a seat at the table doesn’t mean control. 

In most organizations, CISOs don’t own the systems they’re securing or the decisions that shape risk. Accountability sits with the CISO. Control sits across the organization. 

That mismatch is starting to make the role unsustainable.

Accountability Alone Isn’t Improving Security

If accountability alone led to better security outcomes, this would be a different conversation. But that’s not what’s happening. Cyberattacks continue to grow in frequency and impact.

Organizations are reacting. Our research shows that 94% have made changes in response to rising CISO accountability. The issue isn’t whether they’re acting — it’s how. Many of the changes focus on managing exposure: more documentation, more scrutiny, more legal protection. Accountability is often driving defensive behavior — protecting the organization after the fact, rather than reducing the likelihood of an incident in the first place. 

Instead, accountability should drive alignment. It should force clear conversations with the executive team about what the real risks are. It should lead to better ownership and ensure that budgets and resources match the threat landscape. In many cases, they don’t, which makes it harder to act on the risks that have already been identified.

Why the Gap Keeps Growing

This model — where accountability is centralized and control is distributed — only works when the organization moves as one. In practice, that rarely happens.

And as organizations move faster, that misalignment becomes harder to manage. Security teams can identify risk, but addressing it depends on decisions made by other teams. So the gap grows, not because security leaders aren’t doing their job, but because the system around them isn’t set up to support it.

What’s missing isn’t the ability to act when incidents arise. It’s visibility and enforcement. At a basic level, many organizations still struggle to know what’s running in their environment — what tools are in use, where data is flowing, or how widely something is deployed. 

Even when risks are visible, acting on them depends on coordination, ownership, and the ability to enforce change across teams, and that’s where many organizations fall short. 

In a breach, CISOs aren’t just judged on what happened, but whether they had the visibility and authority to act. In practice, that means demonstrating that risks were understood and that the organization was in a position to act, even if execution depended on other teams.

This isn’t new, but it becomes harder as environments grow and change faster. 

Just as Security Caught Up, AI Reset the Playing Field

For a while, it felt like security teams were getting on top of things. Controls were maturing, the fundamentals were improving, and there was a sense that the gap between attackers and defenders was narrowing.

Then the ground shifted again. AI has changed the shape of the environment almost overnight. New tools are being adopted quickly, and the attack surface is expanding. Usage spreads before policies catch up. In some cases, security teams don’t fully understand the risk until it’s already present. And even when visibility improves, enforcement is not guaranteed. 

Many security teams are back in a familiar position: trying to catch up. At the same time, expectations haven’t reset. If anything, they’ve increased.

This is even more visible in AI-first organizations, where ownership of incident response is often unclear and the pace of change is higher. More than half of AI-first organizations report confusion over ownership — more than double the rate of traditional organizations.

What Needs to Change

The answer isn’t to reduce accountability. CISOs should be accountable. That’s not in question.

But accountability without control doesn’t improve security, it creates friction. Organizations are holding one function responsible for outcomes that depend on the entire system. 

Security needs to be built into how decisions are made, not layered on afterward. If the business is moving quickly — especially with AI — security needs to move with it.

That requires alignment at the leadership level. It requires clarity on ownership and resources that reflect the actual level of risk. And until control matches accountability, the gap will keep growing.

How Fastly Helps

Security teams need visibility into what tools are being used and whether they’re introducing risk into the environment.

Fastly’s Web Application and API Protection products help teams understand the traffic hitting their applications and identify malicious activity faster. The tooling is designed to reduce false positives, so teams spend less time chasing harmless activity and more time responding to real threats.

As AI tools spread across organizations, operational complexity increases too. Fastly brings capabilities like WAF, bot management, and DDoS protection together in one platform, which helps reduce operational overhead and makes incident response easier to coordinate.

If your security team is trying to keep pace with AI adoption, growing attack surfaces, and rising accountability pressure, learn how Fastly’s security products can help reduce noise, improve visibility, and speed up response times.