Companies Are Adjusting Their Policies in Response to CISO Liability Jitters

D&O and Management Liability Insurance attorney Thomas Bentz recently spoke with IT Brew for an article examining a report that highlights growing concerns among companies about the liabilities faced by chief information security officers (CISOs) in the event of a cybersecurity incident. The survey of 1,800 information technology (IT) leaders revealed that 41 percent are involving CISOs more in board-level strategic decisions to address these concerns. Additionally, 38 percent said they are increasing legal support for security staff, while another 38 percent responded they are scrutinizing security disclosure documents more closely. Mr. Bentz noted that high-profile cases, such as those of SolarWinds and Uber, exacerbate pressures on CISOs, especially given their varied roles and resources across companies of all sizes.

"We're talking about a wide range of companies. You've got mom-and-pops and then you've got Fortune 50 companies," he said. "They have very vastly different resources and vastly different needs. So, to try and put a one-size-fits-all requirement on them can be really tough."

READ: Companies Are Adjusting Their Policies in Response to CISO Liability Jitters