{"id":2036079,"date":"2024-11-12T08:50:59","date_gmt":"2024-11-12T13:50:59","guid":{"rendered":"https:\/\/securityboulevard.com\/?p=2036079"},"modified":"2024-11-12T08:50:59","modified_gmt":"2024-11-12T13:50:59","slug":"insurance-firm-introduces-liability-coverage-for-cisos","status":"publish","type":"post","link":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/","title":{"rendered":"Insurance Firm Introduces Liability Coverage for CISOs"},"content":{"rendered":"<p>A national insurance firm is offering liability insurance coverage for chief information security officers (CISOs), who are facing an increasingly complex cybersecurity landscape while often not being given the same legal protections as other officers in a corporation.<\/p>\n<p>Crum and Forster, which offers a broad array of national property, casualty, accident, and health insurance programs, this week announced professional liability coverage for CISOs to better protect them against evolving federal government cybersecurity regulations and possible criminal charges that can now arise from a data breach.<\/p>\n<p>\u201cCISOs are the front line of defense against cyber threats, yet their role may leave them exposed to personal liabilities \u2013 particularly in light of the Securities and Exchange Commission&#8217;s (SEC) new cyber disclosure rules,\u201d Nick Economidis, senior vice president of eRisk at Crum and Forster, <a href=\"https:\/\/www.prnewswire.com\/news-releases\/crum--forster-introduces-professional-liability-insurance-for-chief-information-security-officers-302300733.html?tc=eml_cleartime\" target=\"_blank\" rel=\"noopener\">said in a statement<\/a>. 
\u201cOur CISO Professional Liability Insurance is designed to bridge that gap, providing an essential safety net by offering CISOs the protection they need to perform their jobs with confidence.\u201d<\/p>\n<p>The new insurance program by the Morristown, New Jersey-based law firm comes in the wake of charges against software maker SolarWinds and its CISO, Tim Brown, <a href=\"https:\/\/securityboulevard.com\/2024\/07\/judge-dismisses-most-sec-charges-against-solarwinds\/\" target=\"_blank\" rel=\"noopener\">being dismissed by a federal court judge<\/a>. The charges were made in connection with the massive software supply chain attack in 2020 by a threat group supported by Russia\u2019s foreign intelligence services. In addition, former Uber Chief Security Officer Joseph Sullivan last year was placed on probation for three years and fined $50,000 for covering up a 2016 data breach involving the personal records of more than 50 million Uber customers and drivers.<\/p>\n<h3>Caught in a Bind<\/h3>\n<p>The court cases sent shockwaves through the <a href=\"https:\/\/securityboulevard.com\/2024\/11\/the-ciso-evolution-from-tactical-defender-to-strategic-business-partner\/\" target=\"_blank\" rel=\"noopener\">rapidly evolving world of CISOs<\/a>, who find themselves in a no-win situation of being responsible for protecting their organizations against such breaches at a time when the number and sophistication of cyberattacks \u2013 thanks to such emerging technologies as AI and automation \u2013 are growing while not always having the legal protection of corporate officers or a say over their budgets.<\/p>\n<p>A report last year by executive search firm Heidrick and Struggles put these issues into perspective, noting that <a href=\"https:\/\/www.heidrick.com\/en\/insights\/cybersecurity\/2023-global-chief-information-security-officer-survey\" target=\"_blank\" rel=\"noopener\">38% of CISOs are not covered<\/a> under their organizations\u2019 corporate director and 
officer insurance (D&amp;O) policies and 18% do not know if they\u2019re covered.<\/p>\n<p>The report said that in 2023, the percentage of CISOs who sit on corporate boards more than doubled but was still low and that new U.S. Securities and Exchange Commission (SEC) rules \u2013 which include requiring organizations to disclose data breaches and outline their cybersecurity programs \u2013 also ask public companies to \u201cdisclose which board members, if any, have cybersecurity experience, thus elevating the role even further.\u201d<\/p>\n<p>The Institute for Applied Network Security (IANS) wrote in a blog post last year that \u201cwith the increased legislation and regulation comes the likelihood that cyber-related legal actions <a href=\"https:\/\/www.iansresearch.com\/resources\/all-blogs\/post\/security-blog\/2023\/09\/21\/why-cisos-need-d-o-liability-insurance-coverage-now\" target=\"_blank\" rel=\"noopener\">will only increase<\/a>. \u2026 Regulation is not only increasing at the federal level, but we are seeing new regulation and laws at the state level, as well.\u201d<\/p>\n<p>\u201cAs cybersecurity and the role of the CISO evolve, it will take time for legislation, insurance products, and regulations to catch up,\u201d the Boston-based company wrote. \u201cMany corporate charters do not regard the CISO as a corporate officer, and, therefore, CISOs cannot be covered by D&amp;O insurance.\u201d<\/p>\n<h3>Good for CISOs and Businesses<\/h3>\n<p>Geoffrey Fehling, a partner with law firm Hunton Andrews Kurth, argued in a blog post that D&amp;O policies need to be tailored to include cybersecurity executives, adding that it would benefit both the CISOs and the companies.<\/p>\n<p>\u201cAs personal liability risks for CISOs continue to evolve, the availability and scope of D&amp;O insurance will remain a critical factor in recruiting and retaining top cybersecurity talent,\u201d Fehling wrote. 
\u201cCompanies that offer robust insurance protection may gain a competitive advantage in the tight market for skilled security leaders.\u201d<\/p>\n<p>SolarWinds\u2019 Brown in a September interview with The Financial Times <a href=\"https:\/\/www.ft.com\/content\/a9645282-70f0-40ac-bfa2-c77f485d33fd\" target=\"_blank\" rel=\"noopener\">called for tighter cybersecurity laws<\/a>, saying that uncertainty in regulations is complicating CISOs\u2019 jobs.<\/p>\n<p>\u201cWhen you don&#8217;t have rules to follow, it&#8217;s very hard to follow them,\u201d he said, adding that &#8220;the cyber issues are 20 to 30 years old. Other regulatory issues are hundreds of years old. So we&#8217;re just kind of catching up on the maturity of that model.\u201d<\/p>\n<h3>Broad Liability Coverage<\/h3>\n<p>Key parts of Crum and Forster\u2019s new CISO liability insurance programs include comprehensive professional coverage \u2013 including CISO consulting services for the organization and through pro bono IT security work \u2013 and covering defense costs without a deductible.<\/p>\n<p>The coverage includes claims stemming from arrests, indictments, or other criminal proceedings and protections as regulatory pressures grow.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>National insurance firm Crum and Forster is offering a professional liability program for CISOs who are facing growing regulatory pressures and sophisticated cyberattacks but often are not covered by their organizations&#8217; D&#038;O 
policies.<\/p>\n","protected":false},"author":20461,"featured_media":1793299,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14085,230,20983,23406,13571,21858,21028,20984,30691,14098,14097,98631,99462,99461,13418],"tags":[63454,84170,60248,13713],"class_list":["post-2036079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-careers","category-cloud-security","category-cyberlaw","category-blogs","category-data-security","category-sb-featured","category-governance-risk-compliance","category-incident-response","category-sb-industry-spotlight","category-sb-news","category-sb","category-social-facebook","category-social-linkedin","category-social-x","category-sb-spotlight","tag-ciso-job","tag-cyber-liability-insurance","tag-solarwinds","tag-uber"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.9 (Yoast SEO v23.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Insurance Firm Introduces Liability Coverage for CISOs - Security Boulevard<\/title>\n<meta name=\"description\" content=\"The new program comes in the wake of charges against SolarWinds&#039; CISO being dismissed and Uber&#039;s ex-CSO being fined following a data breach.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Insurance Firm Introduces Liability 
Coverage for CISOs\" \/>\n<meta property=\"og:description\" content=\"National insurance firm Crum and Forster is offering a professional liability program for CISOs who are facing growing regulatory pressures and sophisticate cyberattacks but often are not covered by their organizations&#039; D&amp;O policies.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Boulevard\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/groups\/24445075146\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-12T13:50:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeffrey Burt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@securityblvd\" \/>\n<meta name=\"twitter:site\" content=\"@securityblvd\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/\",\"url\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/\",\"name\":\"Insurance Firm Introduces Liability Coverage for CISOs - Security 
Boulevard\",\"isPartOf\":{\"@id\":\"https:\/\/securityboulevard.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg\",\"datePublished\":\"2024-11-12T13:50:59+00:00\",\"dateModified\":\"2024-11-12T13:50:59+00:00\",\"author\":{\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/f38bb7663c788778985274cf1b68758a\"},\"description\":\"The new program comes in the wake of charges against SolarWinds' CISO being dismissed and Uber's ex-CSO being fined following a data breach.\",\"breadcrumb\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage\",\"url\":\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg\",\"contentUrl\":\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg\",\"width\":770,\"height\":330,\"caption\":\"SolarWinds Uber CISO liability 
protection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityboulevard.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/securityboulevard.com\/category\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyberlaw\",\"item\":\"https:\/\/securityboulevard.com\/category\/blogs\/cyberlaw\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Insurance Firm Introduces Liability Coverage for CISOs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityboulevard.com\/#website\",\"url\":\"https:\/\/securityboulevard.com\/\",\"name\":\"Security Boulevard\",\"description\":\"The Home of the Security Bloggers Network\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityboulevard.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/f38bb7663c788778985274cf1b68758a\",\"name\":\"Jeffrey Burt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2023\/07\/cropped-Jeffrey-Burt-photo-96x96.jpg\",\"contentUrl\":\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2023\/07\/cropped-Jeffrey-Burt-photo-96x96.jpg\",\"caption\":\"Jeffrey Burt\"},\"description\":\"Jeffrey Burt has been a journalist for more than three decades, writing about technology since 2000. 
He\u2019s written for a variety of outlets, including eWEEK, The Next Platform, The Register, The New Stack, eSecurity Planet, and Channel Insider.\",\"url\":\"https:\/\/securityboulevard.com\/author\/jeffrey-burt\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Insurance Firm Introduces Liability Coverage for CISOs - Security Boulevard","description":"The new program comes in the wake of charges against SolarWinds' CISO being dismissed and Uber's ex-CSO being fined following a data breach.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/","og_locale":"en_US","og_type":"article","og_title":"Insurance Firm Introduces Liability Coverage for CISOs","og_description":"National insurance firm Crum and Forster is offering a professional liability program for CISOs who are facing growing regulatory pressures and sophisticate cyberattacks but often are not covered by their organizations' D&O policies.","og_url":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/","og_site_name":"Security Boulevard","article_publisher":"https:\/\/www.facebook.com\/groups\/24445075146\/","article_published_time":"2024-11-12T13:50:59+00:00","og_image":[{"width":770,"height":330,"url":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg","type":"image\/jpeg"}],"author":"Jeffrey 
Burt","twitter_card":"summary_large_image","twitter_creator":"@securityblvd","twitter_site":"@securityblvd","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/","url":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/","name":"Insurance Firm Introduces Liability Coverage for CISOs - Security Boulevard","isPartOf":{"@id":"https:\/\/securityboulevard.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage"},"image":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage"},"thumbnailUrl":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg","datePublished":"2024-11-12T13:50:59+00:00","dateModified":"2024-11-12T13:50:59+00:00","author":{"@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/f38bb7663c788778985274cf1b68758a"},"description":"The new program comes in the wake of charges against SolarWinds' CISO being dismissed and Uber's ex-CSO being fined following a data 
breach.","breadcrumb":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#primaryimage","url":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg","contentUrl":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg","width":770,"height":330,"caption":"SolarWinds Uber CISO liability protection"},{"@type":"BreadcrumbList","@id":"https:\/\/securityboulevard.com\/2024\/11\/insurance-firm-introduces-liability-coverage-for-cisos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityboulevard.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/securityboulevard.com\/category\/blogs\/"},{"@type":"ListItem","position":3,"name":"Cyberlaw","item":"https:\/\/securityboulevard.com\/category\/blogs\/cyberlaw\/"},{"@type":"ListItem","position":4,"name":"Insurance Firm Introduces Liability Coverage for CISOs"}]},{"@type":"WebSite","@id":"https:\/\/securityboulevard.com\/#website","url":"https:\/\/securityboulevard.com\/","name":"Security Boulevard","description":"The Home of the Security Bloggers Network","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityboulevard.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/f38bb7663c788778985274cf1b68758a","name":"Jeffrey 
Burt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/image\/","url":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2023\/07\/cropped-Jeffrey-Burt-photo-96x96.jpg","contentUrl":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2023\/07\/cropped-Jeffrey-Burt-photo-96x96.jpg","caption":"Jeffrey Burt"},"description":"Jeffrey Burt has been a journalist for more than three decades, writing about technology since 2000. He\u2019s written for a variety of outlets, including eWEEK, The Next Platform, The Register, The New Stack, eSecurity Planet, and Channel Insider.","url":"https:\/\/securityboulevard.com\/author\/jeffrey-burt\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/securityboulevard.com\/wp-content\/uploads\/2018\/11\/Micron-Intellectual-Property.jpg","jetpack_shortlink":"https:\/\/wp.me\/p91vu9-8xFZ","_links":{"self":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2036079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/users\/20461"}],"replies":[{"embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/comments?post=2036079"}],"version-history":[{"count":1,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2036079\/revisions"}],"predecessor-version":[{"id":2036080,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2036079\/revisions\/2036080"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/media\/1793299"}],"wp:attachment":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/media?parent=2036079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v
2\/categories?post=2036079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/tags?post=2036079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}