January 19, 2024 at 05:24PM
In 2024, CISOs are facing increased personal and legal responsibility for data breaches, particularly due to new SEC regulations. To protect themselves, they should create a system record, define “materiality,” speak to the board in financial terms, participate in cyber insurance negotiations, and monitor emerging privacy threats. Managing third-party risks is critical, and adopting a cross-functional approach is recommended.
The meeting notes highlight critical issues for CISOs and recommend actions to address these challenges:
1. Defend Yourself Against Personal Liability:
– CISOs face personal and legal responsibility for data breaches according to new SEC regulations.
– Recommendations include creating a system record to document actions related to potential security incidents, defining “materiality” with input from legal or risk officers, and communicating with the board in financial terms.
– Actively participating in the negotiation of cyber insurance policies and maintaining a written record of recommendations are essential to avoid non-insurable exclusions.
2. Monitor Emerging Privacy Threats:
– Cyber insurers will focus on privacy breaches in 2024, with a particular emphasis on comprehensive privacy policies and their enforcement.
– Organizations that fail to protect data as promised in their own privacy policy risk being left without coverage, since such a failure constitutes an uninsurable risk.
3. Manage Third-Party Risks:
– Attention should be on identifying third-party vendors that offer operational resilience benefits and establishing a cross-functional supplier risk management framework.
– Prioritizing regulatory compliance, operational resilience, and brand impact over the cost of data governance is key in managing third-party risks.
In the upcoming year, CISOs must take proactive measures to address personal liability for data breaches, comply with tightened cyber insurance regulations, and manage third-party risks effectively. This will involve creating a robust system to document actions and decisions, enforcing comprehensive privacy policies, and collaborating across functions to mitigate supply chain threats and insurance costs.