CISOs in court: Balancing cyber resilience and legal accountability | Computer Weekly
Briefly

"Today, the role of chief information security officer (CISO) has transcended traditional boundaries, moving beyond managing firewalls and compliance checklists. The current landscape, marked by an upsurge in regulatory scrutiny and lawsuits against individual CISOs, demands a new approach. To navigate this challenging environment, the CISO must become a legal sentinel, meticulously documenting decisions and establishing a verifiable defence of 'due care' to protect both the enterprise and themselves from legal repercussions."
"The paradox is that the more visibility CISOs have gained, the greater their legal exposure becomes. The solution lies in governance by design, a strategic approach that aligns cyber controls, risk metrics and executive communication around transparency and accountability to build trust among regulators, customers and investors. Governance by design is a proactive approach that integrates legal considerations into every aspect of cyber security strategy and decision-making."
"CISOs traditionally operated behind the scenes, focusing on threat prevention and response as technologists. Today, regulators expect CISOs to demonstrate not only technical competence but also governance maturity, ethical decision-making and transparency. Cyber security laws, such as the SEC's Cyber Disclosure Rules, the EU's General Data Protection Regulation (GDPR) and state-level privacy acts like the California Consumer Privacy Act (CCPA), impose explicit duties on organisations to report breaches promptly, maintain reasonable safeguards and ensure transparency in disclosures."
The CISO role has transcended traditional technical responsibilities to include governance, legal defence and executive communication. Regulatory scrutiny and lawsuits against individual CISOs have increased legal exposure and require demonstrable proof of due care through meticulous documentation of decisions. Governance by design aligns cyber controls, risk metrics and executive communication around transparency and accountability to build trust with regulators, customers and investors. Cyber security laws such as the SEC Cyber Disclosure Rules, GDPR and state privacy acts impose duties to report breaches, maintain safeguards and ensure transparent disclosures. Cyber resilience and legal defensibility must be integrated to prepare for legal scrutiny.
Read at ComputerWeekly.com