Many consequences of cyber breaches have been well-documented, including financial and reputational damage. Recent developments, however, show that another serious consequence stands to become top of mind for business leaders: legal action against both the management and members of the boards of directors of organizations that suffer cyber breaches.
According to cybersecurity expert Joseph Steinberg, the SEC’s recent charges against the chief information security officer (CISO) of SolarWinds, combined with its new cybersecurity disclosure rules, should leave no doubt in anyone’s mind that the government is demanding companies to “get their cybersecurity houses in order.”
“In a worst-case scenario, a cyber breach could lead to criminal charges against people,” Steinberg says. “We are talking about not only financial penalties, but, under some circumstances, potential prison time.”
Shifting the Onus of Responsibility to Company Leaders
The SEC’s filing against the SolarWinds CISO is not the first instance in the United States of criminal charges being leveled against a cybersecurity professional. Steinberg points to the case of former Uber chief security officer (CSO) Joseph…
