Professional Association of CISOs: Introduction to Professional Liability Insurance

By Heather Hinton

Webinar summary from 12 November 2024

The webinar focused on the importance of professional liability insurance (PLI) for Chief Information Security Officers (CISOs). Participants discussed the increasing personal risk that CISOs face due to rising regulatory pressure and potential litigation related to cybersecurity breaches.

The panel consisted of experienced CISOs, an insurance broker, and an executive recruiter, who shared insights on the evolution of the CISO role and on how and why PLI is playing an increasingly important part in a CISO's success.

Key themes included:

  1. The evolving role of the CISO and the liability implications of increasing regulator, shareholder, and investor actions.
  2. The need for CISOs to have individual liability coverage to protect their personal assets.
  3. Strategies for negotiating PLI as part of employment contracts and benefits.
  4. An introduction to the policy offered through the Professional Association of CISOs: CISO Professional Liability Insurance.
  5. PLI provides the first and last line of defense: it is the umbrella that protects you from the rain and can be turned into a raft to protect you from the flood.

CISO Professional Liability Insurance details include:

  • A benefit available to PAC members
  • Dedicated CISO coverage
  • Features include:
    • Zero deductibles
    • Global applicability
    • No "forced settlement" requirements
    • No exclusions other than a final adjudication of willful wrongdoing
    • Extended coverage post-employment/contract ("tail coverage")
  • Available to CISOs, vCISOs, and more
  • Access to cybersecurity-experienced legal counsel

Highlighted points from the discussion included:

  1. Traditional Directors and Officers (D&O) insurance may not be sufficient because of its exclusions and because its limits are shared among all covered executives.
  2. Traditional D&O insurance and corporate indemnification focus on protecting the company; they may not be concerned with the individual, including the reputation of the CISO.
  3. If you don't ask for PLI, you won't get it. So, start by asking.
  4. While the ideal situation is to negotiate PLI coverage as part of your benefits package, if you are already in the role, or if the answer was no, it may be easier to obtain once you have been in the role for a while and have established trust and relationships.
  5. The cost of CISO PLI is in line with the cost of adding roles or individuals to a D&O policy, so while PLI may seem expensive, it is not when compared with equivalent coverage.
  6. A reminder that indemnification lasts only as long as the company's funds, and its willingness to pay, last.
  7. Many small companies will not have the means to cover any meaningful reimbursement of costs.

We actively encourage CISOs to proactively seek PLI, as such coverage acts as both a first and last line of personal defense against professional risks. To learn more about tailored solutions, visit the CISO Personal Asset Protection Policy (CPAPP).

Gadi Evron

Building a world-class AI security company at Knostic | CISO-in-Residence for the Professional Association of CISOs

3 months

Insurance companies have been refusing CISO liability insurance for some time. One of the first tasks for the Association was to make that happen, and we have. Spread the word, good people, and follow the association on LinkedIn while you’re at it. :)

Steve Zalewski

CISO | Advisor | Investor | Speaker

3 months

This has been a long time coming, so really excited to see the industry respond to the need!
