Most Organizations Change Policies To Reduce CISO Liability Risk
HelpNet Security, Wednesday, March 19th, 2025
93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board level.
CISO liability under the spotlight
In late 2023, newly adopted regulations such as the SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies as well as other headlines have put an increased focus on corporate accountability for data breaches, raising an increased concern of CISO liability.
To reduce this risk, 38% of Fastly research respondents have promised 'increased scrutiny of security disclosure documentation from supervisory agencies' while 38% have improved legal support for cybersecurity staff, including liability insurance, and corporations have allocated more resources to security in the past year.