Leadership & Executive Communication , Standards, Regulations & Compliance , Training & Security Leadership

How CISOs Can Guard Against Their Own Liability

In Wake of Joe Sullivan Verdict, Jonathan Armstrong Offers Legal Advice for CISOs
Jonathan Armstrong, partner, Cordery Compliance

In October, former Uber CSO Joe Sullivan was convicted on charges of covering up a 2016 data breach that affected tens of millions of Uber account holders. The trial was a watershed moment, likely marking the first time a chief security officer had faced criminal charges over an incident response. Does the Joe Sullivan verdict presage a dangerous new future for the security profession globally? "Possibly," says attorney Jonathan Armstrong. "This trend is going to be difficult to put back in the box."

See Also: What to Do Based on 2022: Expert Analysis of TPSRM Survey

Armstrong says that when security leaders start a new position, they have some bargaining power to make sure that their contract is robust and contains the protections they need. He advises CISOs to do their due diligence by asking, "Is there a data breach there that hasn't been reported?"

He also recommends that security leaders consider obtaining directors and officers liability insurance. "Make sure that your name is on the policy, and that the organization will support you," he says.

In a video interview with Information Security Media Group, Armstrong discusses:

  • What the Joe Sullivan verdict portends for the security profession globally;
  • What the case tells us about personal liability under GDPR;
  • Practical steps security leaders should take today to guard against their own liability.

Armstrong, an experienced lawyer with Cordery in London, is an expert on data protection and data security law. He advises multinational companies on risk, compliance and technology.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.