Cyber Insights 2024: A Dire Year for CISOs?

By Kevin Townsend for SecurityWeek
Thursday, March 7, 2024

The SEC has pitched a potential 2024 curveball at the role of the CISO. Its new disclosure rules will affect the role, but we have yet to see how they will play out.

Every company has incidents, but not all of them should require public disclosure.

The liability threat

The threat to CISOs is real. “Sanctions may range from suspended and real prison sentences to hefty monetary fines and prohibitions on occupying managerial positions for a certain period of time,” explains Ilia Kolochenko, chief architect at ImmuniWeb. “Regrettably, cybersecurity insurance is unlikely to cover legal actions targeting employees of the insured organizations, leaving the former alone amid the mounting legal risks and little support from employers.”

The iconic example of SEC prosecution was that of Joe Sullivan, relating to his time as CSO at Uber. The issue revolves around whether Sullivan hid a breach from shareholders. Sullivan asserts that since the company had a bug bounty program, and since his team negotiated with the ‘hackers’, effectively paid a bounty, and prevented any public disclosure, this was not a ‘material’ incident and did not require disclosure to shareholders. Ultimately, it was a clash between the CISO’s subjective interpretation and the SEC’s legal interpretation.
