Indeed, CIOs and CISOs are natural targets of post-breach lawsuits. As part of their job, CIOs and CISOs create and circulate internal memos on a regular basis, informing the C-level executive team and board of directors of cybersecurity issues and concerns, along with requests for additional funds. More often than not, it is the CIO or CISO that is pushing for new policies, practices, and guidelines relating to cybersecurity. By extension, these memos and recommendations make the CIO/CISO (and other directors and officers) compelling targets when these identified cyber-related weaknesses are not addressed, or additional funds not requisitioned. Consequently, it is only a matter of time before liability claims are routinely extended to senior in-house legal stakeholders, with the CIO and CISO in starring roles.
via Do CIOs and CISOs Get Covered in Cybersecurity Litigation? | Big Law Business