Boston, September 15, 2021 – Chief information security officers (CISOs) are rarely held personally liable for their professional actions unless those actions are clearly intentional attempts to conduct unlawful activities. However, several developments since August 2020 have blurred the lines between traditional cybersecurity management decisions and questionable conduct, potentially putting CISOs in the crosshairs for criminal prosecution and civil suits.
This Impact Brief identifies three narratives that point to the potential for CISO liability and provides several recommendations for cybersecurity professionals to potentially limit the impact. It is based on discussions with several CISOs and legal professionals from May 2021 to August 2021, as well as the author’s personal experiences as a former CISO at publicly traded companies.
Clients of the Aite-Novarica Cybersecurity service can download this nine-page Impact Brief. To learn more about the topic covered in this Impact Brief, please contact us at [email protected].
About the Author
Datos Insights
We are the advisor of choice to the banking, insurance, securities, and retail technology industries–both the financial institutions and the technology providers who serve them. The Datos Insights mission is to help our clients make better technology decisions so they can protect and grow their customers’ assets.