How CISOs Can Mitigate Personal Liability Concerns

CISO Quentyn Taylor on Preparing for More Scrutiny in Wake of SolarWinds Charges
Quentyn Taylor, senior director of information security and global response, Canon

SEC regulators have filed charges against software company SolarWinds and its CISO Tim Brown - accusing them of misleading investors about the firm's cybersecurity practices in light of a high-profile hack in 2020.

The case is part of a growing trend of prosecutors targeting individuals within corporations, placing CISOs and CIOs at risk of personal accountability, and Quentyn Taylor, senior director of information security and global response at Canon, said he is concerned about the implications for other security leaders.

"I am worried about the effect this might start to have. CISOs are not used to having this kind of pressure, and IT people, to be fair, are not used to having this kind of pressure," Taylor said. "Many of the situations that you find yourself in are very nuanced. When someone says, for example, 'Is this thing secure?' Well, your answer, by definition as a security person, is probably 'no' because nothing can be 100% secure."

Taylor advised security leaders to "be open, be honest and make sure you document things clearly, so it's totally unambiguous what your statement is. Never play politics. Don't say what you think people want to hear; say what the truth is, and explain that truth and qualify that truth to the people."

In this video interview with Information Security Media Group, Taylor discussed:

  • His own approach to cybersecurity practices and risk disclosures to mitigate personal liability as a CISO;
  • How security leaders can prepare for increased scrutiny and potential liability across the industry;
  • Best practices to facilitate effective communication between the board and the cybersecurity team about the state of security practices.

Taylor has experience in delivering security to meet business objectives and is an expert in information security, strategic management and risk management.


About the Author

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.