GovInfoSecurity.com reported that “Executive liability, where decision-makers face personal liability for making professional decisions, is a topic trending yet again as former Uber CSO Joe Sullivan was recently sentenced to probation and a fine for his role in covering up a data breach that affected tens of millions of Uber account holders.” The May 7, 2023 article entitled “What Executive Liability Means for a CISO” (https://tinyurl.com/397zrc2x) included a description of the RSA 2023 Panel discussion with:
*Solomon Adote, chief security officer for the state of Delaware;
*Aravind Swaminathan, global co-chair for cybersecurity and data privacy at Orrick, Herrington & Sutcliffe;
*Rocco Grillo, managing director of global cyber risk services and incident response investigations at Alvarez & Marsal; and
*Ankur Ahuja, global vice president and CISO at Fareportal Inc.
The RSA 2023 Panel discussed:
*Juggling compliance with blocking and tackling cyberthreats;
*Interpretation of regulations that apply to distinct situations;
*How executives can protect themselves and their organizations from liability.
What do you think?
First published at https://www.vogelitlaw.com/blog/should-cisos-be-liable-for-making-business-decisions