CyberScoop reports that more chief information security officers were noted by SolarWinds CISO Tim Brown to have been stressing over simultaneously thinking about properly defending corporate systems and the potential individual liabilities that may arise from possible breaches after the court upheld Securities and Exchange Commission charges accusing Brown and SolarWinds of providing misleading statements regarding the firm following the massive exploitation of its Orion software.
While such a threat does not necessitate indemnification laws for CISOs, security executives should be given increased clarity on what to do or say in the aftermath of cybersecurity incidents without the risk of legal action, said Brown at the CyberLawCon Conference. "...[I]t's not so much reducing liability for the CISO community. It's about how do we make sure that the things that we have in place allow us to do our job in the most effective way possible, without the disruption of legal or regulatory actions?" said Brown.
