Professional liability insurance is designed to protect executives against claims of negligence or inadequate work arising from their services. Companies use these policies to shield a business's financial assets from the potentially high costs of lawsuits and settlements when someone alleges that executives failed to uphold their duties. The policies typically cover CEOs, CFOs, and other board members, but frequently leave out CISOs.

New Jersey-based insurer Crum & Forster is looking to change that. The company recently unveiled a policy specifically designed to shield CISOs from personal liability.

Nick Economidis, vice president of eRisk at Crum & Forster, told CyberScoop that the company saw an opportunity because CISOs may not be recognized as corporate officers under a directors and officers (D&O) liability policy, which is what normally covers executive liability.

“CISOs are in a no-win situation,” Economidis said. “If everything goes right, that’s what people expect. If something goes wrong, they’re the person that everybody looks at and they’re left holding the bag. Then, there are potentially significant financial ramifications for them because they’re often not covered by traditional insurance policies.”

The policies, which can be purchased by a company on a CISO's behalf or by a CISO directly, can cover consulting done for the organization and its subsidiaries, as well as moonlighting or pro bono IT security work.

“We find that it’s not unusual for CISOs to be doing consulting, either on a pro-bono basis or for a fee,” Economidis said. “That creates an exposure as well, and the policy will also cover that.”

The CISO role is under increasing legal scrutiny, especially after high-profile security incidents. In October 2023, the Securities and Exchange Commission sued SolarWinds and its chief information security officer, alleging the company had failed to disclose weak cybersecurity defenses in the wake of Russian-government-linked hackers breaching its systems. A judge dismissed most of that lawsuit earlier this year.

According to the company, the plan covers defense costs with no deductible, so a CISO's legal representation is funded from the outset, and its claims coverage extends to criminal proceedings as well as civil ones. It also includes regulatory coverage aimed at exposure under the SEC's cyber disclosure rules, which is intended to limit a CISO's personal civil and criminal liability arising from those obligations.

Economidis says policyholders can typically expect costs to range from $3,000 to $5,000 per insured person, depending on factors such as coverage limits and deductibles. Additional variables, including whether the company is public or private and how long the company has been in business, can also influence the pricing.

The post CISOs can now obtain professional liability insurance appeared first on CyberScoop.
