CISOs face higher stakes as regulators crack down on security failures

Share post:

Regulators are holding chief information security officers (CISOs) liable for the cybersecurity challenges they or their companies face, as evidenced by the SEC charges against SolarWinds and its top security executive, Timothy Brown.

The SEC’s complaint alleges that SolarWinds misled investors about the state of the company’s cyber defenses in the years leading up to a massive 2020 Russian cyberattack. The charges come a few months after a jury found former Uber security executive Joe Sullivan guilty of obstructing an active Federal Trade Commission investigation into Uber’s security practices and concealing a 2016 data breach.

These cases signal a new willingness on the part of regulators to hold CISOs accountable for cybersecurity failures, which is raising concerns among security executives. Some worry that the new SEC cyber disclosure rules, which go into effect next month, could lead to more frequent charges against CISOs, as they will require publicly traded companies to disclose material cyber incidents within four business days and share details about their internal cybersecurity strategies each year.

CISOs are now worried that any statements they make early in their incident response, or even in the years before an attack, could lead to legal problems years later, as it has for SolarWinds.

In an op-ed, Sullivan argued that the SolarWinds’ charges will lead “the private sector to become afraid to work closely with the government” after an attack.

Prospective security leaders may also be discouraged from taking on top roles in the wake of the SolarWinds and Sullivan cases, said Michael Sikorski, CTO and VP of engineering for Palo Alto Networks’ threat intelligence team.

The sources for this piece include an article in Axios.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways