Lunsford also sees a more immediate problem related to the CISO disconnect between duties and authority.
“The personal liability stakes are forcing CISOs to be more deliberate and measured with their decision-making. We have heard from many CISOs that they are more deliberately documenting their own decision-making and that of senior management regarding making risk-based decisions,” Lunsford said. “On the surface, that may sound entirely positive, but it has an impact of slowing decision-making and adding administrative burden when done manually without technology that automatically records their work and decision-making.”
Negotiating protections
Ultimately, whether CEOs provide CISOs with protections may be a factor of talent market dynamics. In the meantime, veteran security leader Jim Routh, who has held CISO-level roles at Mass Mutual, CVS, Aetna, KPMG, American Express, and JP Morgan Chase, counsels CISOs and prospective CISOs to push for key contractual protections.