Lunsford also sees a more immediate problem related to the CISO disconnect between obligations and authority.
“The personal liability stakes are forcing CISOs to be more deliberate and measured with their decision-making. We have heard from many CISOs that they’re more deliberately documenting their own decision-making and that of senior management on the subject of making risk-based choices,” Lunsford said. “On the surface, that may sound fully constructive, but it has an effect of slowing decision-making and adding administrative burden when carried out manually without technology that automatically records their work and decision-making.”
Negotiating protections
Ultimately, whether CEOs provide CISOs with protections may be a factor of talent market dynamics. In the meantime, veteran security leader Jim Routh, who has held CISO-level roles at Mass Mutual, CVS, Aetna, KPMG, American Express, and JP Morgan Chase, counsels CISOs and potential CISOs to push for key contractual protections.