“Leave it to IT”?

With the exception of a small number of enlightened boards, most businesses assume that, because information technology is the functional responsibility of the IT department, IT is strategically accountable for it as well. Of course, this means that IT is also responsible for information security, protecting the reputation of the organisation from breaches to confidentiality, availability and integrity of its information, as well as from organised crime and terrorists – is this fair on the IT team, or is it the board ducking a critical corporate governance responsibility?