A CISO's Guide to Avoiding Jail After a Breach

Yahoo, Uber, SolarWinds -- increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?

Dark Reading, Staff & Contributors

July 11, 2024

1 Min Read
gloved patriotic dressed hand holding get out of jail card
MICHAEL BURRELL VIA ALAMY STOCK

Sullivan to the so-called Commission on Enhancing National Cybersecurity. Four years later, Sullivan was researching prisons, and how to stay safe and sane while on the inside.

He was a strangely cast felon, having spent the first eight years of his career moving up the ladder at the US Department of Justice, and the following half-decade as an assistant US attorney. He'd even prosecuted the first-ever case pertaining to the Digital Millennium Copyright Act (DMCA), United States v. Elcom Ltd., on behalf of the government.

Suffice it to say that few people on earth understood the laws, the business, and the reality of cybersecurity better than Sullivan did. But for having mishandled a major data breach in November 2016, he's still defending himself in court to this day.

"The US government has so much power, and it can steamroll people in a really unfair way," says Jess Nall, a partner at Baker McKenzie LLP. "What's evolved in the last 10 years is that CISOs and other information security professionals -- including privacy and data security lawyers, and other infosec personnel -- are getting thrown under the bus when major cyberattacks happen."

Read the Full Article on Dark Reading

About the Author

Dark Reading

Staff & Contributors

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights