"no specific line manager for cyber security
as the responsibility cuts across multiple roles in the company."
You are an ISP, you are operating at the front end of a system with known and unknown government and non-government cyber threats, you are the gatekeeper to your customers data and home systems.
Responsibility for security shouldn't be at the line-manager level, it should be at board-level cutting across all areas of the company. What a set of morons.