The evolving landscape of cybersecurity now places Chief Information Security Officers (CISOs) at significant personal legal risk, evidenced by landmark cases such as Uber's Joe Sullivan conviction for covering up a data breach and the SEC's charges against SolarWinds' CISO Tim Brown for misrepresenting security practices. This heightened accountability is driving major shifts in corporate governance, with nearly all organizations implementing policy changes, increasing CISO participation in board-level strategic decisions, and demanding greater scrutiny of security disclosure documentation. Crucially, while CISOs face growing exposure, a notable percentage are not covered by their company’s D&O policy, making Directors & Officers (D&O) insurance a critical yet often overlooked component of personal and organizational risk mitigation, necessitating a unified approach to cyber and D&O coverage.

www.securitycareers.help/ciso-under-fire-navigating-personal-liability-in-the-cyber-age