CISO Personal Asset Protection
Organizations of all sizes are experiencing an increase in cyberattacks and theft of data.
Chief Information Security Officers (CISOs) are being held personally liable for the cyber integrity of their companies. In July 2023, the Securities and Exchange Commission (SEC) adopted laws that require publicly traded companies to disclose “material cybersecurity incidents” within four days of an incident. This has increased the stakes for CISOs.
CISOs are now seeking their own personal insurance coverage in the event their employers’ bylaws do not allow for indemnification or the company directors and officers (D&O) policy does not respond to their need for legal assistance and defense from an outside source. With this new regulatory stance, CISOs are now in the spotlight and being called on to validate the actions they took in order to prevent breaches and the steps they took after a breach was discovered.
This newfound liability exposes CISOs and their personal assets to potential loss, particularly where it is uncertain whether, and how, their employer will respond to their legal quandary.
Coverage Features
- AM Best A rated insurance company
- Advancement of Defense Costs
- Compensation Clawback Coverage
- Crisis Fund Coverage (PR)
- Reemployment Costs Due to an Event
About CPAPP (CISO Personal Asset Protection Policy)
In conjunction with the Cyber Future Foundation, Amwins, and American International Group Inc. (AIG), IOA has developed a proprietary insurance policy that is being offered to members of the Professional Association of CISOs. This proprietary insurance product is designed specifically to cover personal liability assumed by CISOs in their professional role.
The insurance coverage will respond to the CISO's needs outside of any traditional Directors and Officers insurance and indemnification. If existing D&O coverage or company indemnification does not respond, the CPAPP responds.
Reasons for the CPAPP
- To fund legal expenses and protect the assets of a CISO in the absence of any D&O or employer indemnification.
- To cover the liability of a CISO acting as a 1099 contractor for for-profit and not-for-profit organizations.
- For dedicated insurance coverage for the CISO that cannot be shared with the corporate entity or other executives.
- More and more D&O policies contain cyber exclusions that leave the CISO totally exposed.