Chief Information Security Officers (CISOs) face growing personal liability risks amid increasing cybersecurity threats and stricter regulations. Recent Securities and Exchange Commission (SEC) actions have targeted CISOs individually. For the first time, the SEC charged a CISO with fraud and internal control failures related to cybersecurity. New SEC disclosure rules now require timely reporting of material cybersecurity incidents, placing more responsibility on CISOs.
The New York Department of Financial Services (NYDFS) has also introduced regulations that could hold CISOs personally liable for company-wide cybersecurity failures. These developments raise serious concerns for CISOs and companies seeking to protect their key cybersecurity personnel.
Crum & Forster (C&F) has introduced a new Professional Liability Insurance policy specifically for CISOs in response to these risks. This solution aims to protect CISOs from increasing personal liability risks in today’s challenging cyber landscape.
CISOs are crucial in defending organizations against complex cyber threats. However, they often lack the legal protections afforded to other senior executives designated as corporate officers. This gap means they may not be covered under traditional Directors & Officers (D&O) insurance policies, leaving them vulnerable to personal financial losses from defense costs, fines, and judgments.
Key Features
“CISOs are the frontline defenders against cyber threats,” said Nick Economidis, Senior Vice President of eRisk at Crum & Forster. “Yet, their role may expose them to personal liabilities, especially with the SEC’s new cyber disclosure rules. Our CISO Professional Liability Insurance bridges that gap, providing essential protection.”
Key features of the policy include comprehensive professional coverage that extends to consulting services for the organization and its subsidiaries. It also covers moonlighting and pro bono work in IT security without requiring employer consent. Defense costs are covered with zero deductible, ensuring immediate financial protection in the event of a covered loss.
The policy offers a broad definition of claims, including coverage for criminal proceedings such as arrests or indictments. This provides a robust response to potential personal liabilities that CISOs might face. As the SEC tightens cyber disclosure regulations, CISOs encounter increased personal exposure to civil and criminal charges for disclosure violations. C&F’s policy is tailored to provide defense and indemnity protection for these emerging risks, helping to limit personal exposure.
“C&F is committed to supporting CISOs as they navigate their high-stakes role,” said Leigh McMullan, Senior Vice President of Executive Risk at Crum & Forster. “Our CISO Professional Liability solution underscores our commitment to offering innovative, targeted coverages that meet the evolving needs of cybersecurity professionals.”
By introducing this policy, Crum & Forster addresses a significant need in the cybersecurity industry. The specialized coverage offers CISOs protection against personal liabilities associated with their roles, reflecting the evolving demands placed on cybersecurity professionals.