Cyber professionals’ and personal liability


How to avoid being the scapegoat when things go wrong

As security professionals, we focus on minimising risk and liability flowing from a security incident. And rightly so – after all, that is our job.

However, in a crisis, it is human nature to find someone else to blame. Since we work on the basis of “when, not if” a cyber incident occurs, it is only a matter of time before the focus shifts to you. Have you stopped to consider your liability and risk?

You will find that most of us fall into one of the following categories:

  1. C-Suite security executives – such as CISO, CIO, CSO and CTO;
  2. Internal security staff – such as managers, advisors, architects, consultants, and specialists;
  3. External security providers.

C-Suite Security Executives and Senior Managers

This role is one of the positions most often held accountable when a security incident occurs. In the US, security breaches often drag executives into litigation, and it won’t be long before we see this trend in Australia. If you are a senior manager and your title does not include the words “chief” and “officer”, you could still be treated as an “officer” depending on your level of involvement and control, and be made personally liable.

Your high level of responsibility increases the potential exposure and risk to your reputation, brand, remuneration, job security, and most importantly, personal liability…