Priya Cherian Huskins

In a recent post in which I discussed the cyber incident-related enforcement action the SEC brought against the software company SolarWinds, I noted that the defendants named in the action included the company’s Chief Information Security Officer(CISO), adding that the SEC’s naming of the CISO as an enforcement action defendants “is sure to send a shiver down the collective spines of the CISO community.” In the following guest post, Priya Cherian Huskins, Senior Vice President and Partner, Woodruff Sawyer, takes a detailed look at the agency’s action against the SolarWinds CISO, and considers the key liability and insurance implications. A version of this article previously published on Woodruff Sawyer’s D&O Notebook here. I would like to thank Priya for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Priya’s article.Continue Reading Guest Post: CISO Liability in Focus: SEC Enforcement, Insurance, and [Personal] Risk Mitigation

The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices

Smaller companies increasingly are the subject of data breaches  and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security