Redefining Cyber Governance: New Roles and Liabilities


In an age where cyber threats loom large over the financial sector’s horizon, recent regulatory actions signal a paradigm shift in the regulatory framework governing cybersecurity for publicly traded companies. The amplified role of the chief information security officer (CISO) and heightened duties given to boards of directors herald a new era of cyber vigilance and accountability. As regulators increasingly focus on individual accountability for CISOs and may commence enforcement actions on this front, CISOs and boards should reassess how to handle their cyber strategy going forward.

Expanding the Role of the CISO

Traditionally viewed as the technical guardians of an organization’s digital fortresses, CISOs are finding themselves front and center in the regulatory and governance spotlight. On Oct. 30, the SEC announced fraud charges against SolarWinds and its CISO following recently implemented disclosure requirements relating to cyber risk, the outcome of which could set the precedent to hold CISOs individually accountable for their organization’s cyber resilience. Despite the original disclosure requirements not singling out CISOs for personal liability, the agency…
