
Ownership and maintenance usually go together. When you own something, you’re generally responsible for taking care of it. I initially thought this principle would apply in network infrastructure discussions but soon realized that it was not so simple.

Setting Context Around Cybersecurity Risk

The context I’m referring to is the cybersecurity risk related to network infrastructure. The partnership between cybersecurity and infrastructure teams is more critical now than ever. Cyber risk is a growing challenge that is gaining greater awareness across the industry and more visibility within organizations than ever before. Cyber risk is counted alongside other business risks that are measured and reported to the board.

So… Who Owns It? It’s Complicated.

Of course, like any other technology professional, I reached out to my LinkedIn network for feedback. The first question I posed was: who owns the vulnerability risk of network infrastructure?

Of the 29 votes, 16 favored the VP of Infrastructure or the person responsible for the device lifecycle, 11 preferred the CISO, and 5 supported the CIO.

The relationship between business owners and cybersecurity teams was summed up by Donald Neelin, Information Security Manager, who said, “The business team that owns the technology is the team that owns the risk for that technology. The business needs to drive technology and innovation, including keeping systems up to date. Risk needs to be reported at the VP level and a scorecard developed to drive conversation about why there is risk and what this means to the business.”

Mark Zuzarte, CISO, added, “Traditionally, there is typically an ‘infrastructure’ team responsible for managing servers, software, network infrastructure, etc. Usually rolling into a CIO or similar role. Really depends on how the organization is structured.”

This sentiment was expressed by Philip Veilleux, Security Architecture Lead, who stated, “CISO is accountable for the plans and influence to put the best practice in place. The asset owners are responsible for the patching and remediation efforts.”

Typically, organizations leverage their cybersecurity teams to identify risks, then send those reports to infrastructure teams for triage and remediation within specified time thresholds based on the criticality of that risk. While this approach has been effective over the past few years, many vulnerability programs conduct scans weekly or monthly. As a result, I’ve observed some infrastructure teams aiming to be more proactive by either patching immediately after vulnerability information is released or performing their own vulnerability and configuration assessments before the scheduled reports arrive.

One thing to remember is that business risk remediation depends on the impact and likelihood of that risk happening. In simple terms, the more likely a larger impact is, the more funding is given to remediating that risk. So, this raises the question, who should pay to remediate that risk?

Given That, Who is Responsible for Remediation?

Of course, I included this in another poll question. Among the 30 respondents, 15 said it should be the VP of Infrastructure, 9 said it should be the CISO, 2 said it should be the CIO, and 4 said it should be a combination.

This is where the comments become interesting. One CISO told me that their business has traditionally accepted the risk on network devices because it was too difficult for their infrastructure teams to remediate the large number of network devices they have.

Carl Narber, Cyber Security Architect, summarized how the teams should work together by saying, “I think it’s other, just be clear — I’ve never heard of a CISO sign the check or anyone else in the list, I’ve always heard of CISOs requesting for the allocation of it from the board or from the CEO. And then the CISO gets to allocation based on his analysis of what needs to be adopted to accommodate the risk.”

This emphasizes the importance of teamwork. If cybersecurity teams identify the risk and recommend remediation steps, the network teams must ensure that they can work within business requirements to make the necessary configuration changes or updates with minimal service disruption.

There Are Two Main Challenges

The first challenge is that network teams need an easy way to validate the vulnerable condition on their devices and ensure remediation steps do not adversely affect business operations. This becomes even more critical as increased AI usage puts additional demand on networks. According to Gartner, AI agents will be implemented in 60% of all IT operations tools by 2028, up from fewer than 5% at the end of 2024. Remediation steps for each device are often spread across different locations, requiring significant time and effort to parse and consolidate for verification. As a result, some organizations are willing to accept the risk temporarily while they assess the applicability to their environment and plan the appropriate remediation actions.

The second challenge is the significant manual effort required to update configurations or apply upgrades to various network devices. While different vendors may offer tools for their devices, managing a heterogeneous network environment increases the effort exponentially. One organization I spoke with takes three years to update software across all their network devices. Others I’ve spoken to have developed manual scripts for this purpose, but ultimately, network administrators are more skilled in the network device commands than in scripting languages, resulting in additional manual overhead.

How Can We Solve These Challenges?

First, automating repetitive research tasks is an excellent use case for AI. AI can quickly analyze multiple sources to deliver a unified format, making it easy to identify applicability, remediation steps, and workarounds for vulnerability risks. This is exactly how we use AI at BackBox. Being an AI-enabled company, we leverage this approach to provide BackBox customers with clear and concise details for each vulnerability identified across an organization’s network infrastructure.

Secondly, automated remediation of vulnerabilities has long been used for workstations and servers. Mr. Neelin added, “This should be built into SOP and use regular tools, so there shouldn’t be any additional cost. Most companies should have a centralized management system in place to control configuration and patching (AD and SCCM for Windows). With this in place you can mitigate risk via GPO or software push. For Linux, using Ansible or other scripting methods, and ensuring your networking centralized management console will allow you to easily push updated configurations.”

So, why not apply this approach for network devices? This is where the BackBox platform can be especially helpful. By utilizing workflow automation, a BackBox user can push configuration changes, patches, or upgrades to dozens or even thousands of devices simultaneously. For example, a BackBox customer was able to remediate over 20,000 devices in just a few days compared to the months it previously took.

A Network Administrator at an Automotive Technology Company said this on G2, “OS updates that previously took 30-40 minutes per device are accelerated by a factor of 30x at least.”

A Senior Network Administrator in another G2 review stated, “With BackBox, bi-weekly patching takes only one hour, compared to at least 35 hours to do it manually.”

In Summary

Cybersecurity and infrastructure teams must collaborate. While security teams identify risks, infrastructure teams need to be involved and educated so they can make informed decisions on priorities. Having a solution to automate mitigation and remediation steps greatly reduces the time, effort, and costs involved in reducing cybersecurity risks.
