Report

Proceed With Caution: CISOs May Be Personally Liable Under New Rules

The legal climate appears to be changing, potentially impacting the role of the CISO.
Boston, September 15, 2021 – Chief information security officers (CISOs) are rarely held personally liable for their professional actions unless those actions are clearly intentional attempts to conduct unlawful activities. However, several developments since August 2020 have blurred the lines between traditional cybersecurity management decisions and questionable conduct, potentially putting CISOs in the crosshairs for criminal prosecution and civil suits.

This Impact Brief identifies three narratives that point to potential for CISO liability and provides several recommendations for cybersecurity professionals to potentially limit the impact. It is based on discussions with several CISOs and legal professionals from May 2021 to August 2021, as well as the author’s personal experiences as a former CISO at publicly traded companies.

Clients of the Aite-Novarica Cybersecurity service can download this nine-page Impact Brief. To learn more about the topic covered in this Impact Brief, please contact us at [email protected].
