Are U.S. Organizations Insuring Against CISO Liability Risk?

U.S. businesses are facing new regulations regarding cybersecurity that could put their CISOs at risk of liability. How many have obtained insurance coverage for these leaders?


One minute insights:

  • Most leaders lack a thorough understanding of their liability risk concerning cybersecurity incidents

  • Less than half of respondents are covered by their organization’s D&O insurance policy

  • Nearly one-third of leaders at organizations with cyber insurance don’t know if the policy can protect them from liability

Less than one-third thoroughly understand liability risk for cyber incidents

95% of surveyed leaders at least partially understand their potential legal liability for cybersecurity incidents, but less than one-third (27%) say they understand this risk thoroughly.

In relation to your current role, to what extent do you understand your potential legal liability in the event of a cybersecurity incident (including breaches)?

[Chart 1: responses to the question above, n = 100]


Question: Please share any final thoughts you have on legal liability for cybersecurity leaders and/or how organizations should approach prevention.

This is a very high concern given the recent SEC actions against SolarWinds’ CISO.

C-suite, software industry, 5,000 - 10,000 employees

There are more lawsuits occurring lately in our industry.

VP, finance industry, 1,000 - 5,000 employees

Many cybersecurity leaders are covered by D&O insurance

40% of respondents report they are included in their organization’s directors and officers (D&O) insurance policy, while 22% are uncertain whether their organization currently has D&O coverage at all.

Are you covered by your organization’s directors and officers (D&O) insurance policy for liability in the event of a cybersecurity incident (regardless of whether you are officially deemed an officer in the corporate charter)?

[Chart 2: responses to the question above, n = 100]

Question: Please share any final thoughts you have on legal liability for cybersecurity leaders and/or how organizations should approach prevention.

Insurance is going to play a bigger part in cyber security positions.

Director, healthcare industry, 10,000+ employees

Organizations include CISO liability protection in cyber insurance policies

86% of all respondents (n = 100) note their organization currently has a cyber insurance policy in place.

Does your organization have a cyber insurance policy?

[Chart 3: responses to the question above, n = 100]

Among those at organizations with cyber insurance (n = 86), nearly two-thirds (63%) indicate that their policy includes liability protection for their role in case of cybersecurity incidents.

To your knowledge, does your organization’s cyber insurance policy include liability protection (e.g., legal action coverage) for your role in the event of a cybersecurity incident (including a breach)?

[Chart 4: responses to the question above, n = 86 (respondents whose organization has cyber insurance)]

Question: Please share any final thoughts you have on legal liability for cybersecurity leaders and/or how organizations should approach prevention.

Liability has become more important with recent events. Cyber security insurance underwriting has been difficult but is necessary.

Director, healthcare industry, 10,000+ employees

In their own words...

Question: Please share any final thoughts you have on legal liability for cybersecurity leaders and/or how organizations should approach prevention.

Companies should have documented policy and awareness for coverage and roles.

- C-suite, software industry, 10,000+ employees

CISOs have the shortest tenure of any of the ‘C Suite’ [roles] and that needs to change. Liability does not reside with just the CISO, it’s a shared responsibility.

- C-suite, other services industry, <1,000 employees

Cyber insurance continues to be our best bet for legal protection as of today and we continue to update our policies and [add] vendor risk management solutions to improve our security posture.

- Director, hardware industry, 10,000+ employees

Respondent Breakdown

[Chart: respondent breakdown by role, industry and organization size]