CyberScoop reports that more chief information security officers (CISOs) were noted by SolarWinds CISO Tim Brown to be stressing over simultaneously thinking about defending corporate systems and the individual liabilities that may arise from breaches after the court upheld Securities and Exchange Commission (SEC) charges accusing Brown and SolarWinds of providing misleading statements regarding the exploitation of its Orion software.
While such a threat does not necessitate indemnification laws for CISOs, security executives should be given increased clarity on what to do or say in the aftermath of cybersecurity incidents without the risk of legal action, said Brown at the CyberLawCon Conference.
"It's not so much reducing liability for the CISO community," said Brown. "It's about how do we make sure that the things that we have in place allow us to do our job in the most effective way possible, without the disruption of legal or regulatory actions?"
