Orgs Face Major SEC Penalties for Failing to Disclose Breaches

All of that is leading to a broad rethinking of the role of the CISO, says Ken Fishkin, senior manager of information security — essentially the acting CISO — for law firm Lowenstein Sandler LLP.

“A lot of people are very nervous about being in a position like mine now because of this responsibility,” he says. “It’s a company issue, definitely not just a CISO issue. Everybody will be very leery about vetting statements — why should I say this? — without having legal give it their blessing … because they are so worried about having charges against them for making a statement.”

The worries will add up to additional costs for businesses. Because of the additional liability, companies will need more comprehensive Directors and Officers (D&O) liability insurance that covers not only the legal expenses for a CISO to defend themselves, but also their expenses during an investigation.

Businesses that will not pay to support and protect their CISO may find themselves unable to hire for the position, while conversely, CISOs may have trouble finding supportive companies, says Josh Salmanson, senior vice president of technology solutions at Telos Corp., a cyber risk management firm.

Source: Orgs Face Major SEC Penalties for Failing to Disclose Breaches