Chief Information Security Officers (CISOs) are being held personally liable (personally accountable) for the cyber integrity of their companies. In July 2023, the Securities and Exchange Commission (SEC) adopted laws that require publicly traded companies to disclose “material cybersecurity incidents” within four days of an incident. This has increased the stakes for CISOs.
CISOs are now seeking their own personal insurance coverage in the event their employers’ bylaws do not allow for indemnification or the company directors and officers (D&O) policy does not respond to their need for legal assistance and defense from an outside source. With this new regulatory stance, CISOs are now in the spotlight and being called on to validate the actions they took in order to prevent breaches and the steps they took after a breach was discovered.
This newfound liability is opening up CISOs and their personal assets to potential exposure, particularly where there is a question of how and if their employer responds to their legal quandary.
Coverage features
- AM Best A-rated insurance company
- Advancement of defense costs
- Compensation clawback coverage
- Crisis fund coverage (public relations support)
- Reemployment costs due to an event
About CISO Liability Insurance
IOA has developed a proprietary insurance policy that is being offered to members of the Professional Association of CISOs. This proprietary insurance product is designed specifically to cover personal liability assumed by CISOs in their professional role.
The insurance coverage will respond to the CISO’s needs outside of any traditional Directors and Officers insurance and indemnification. If existing D&O coverage or company indemnification do not respond, the CISO liability insurance responds.