Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday
Friday, October 7, 2022
Former Uber security chief Joe Sullivan has been found guilty by a jury over his role in covering up a massive data breach suffered by the ride sharing giant in 2016.
Ilia Kolochenko, Founder, ImmuniWeb: “The Uber case is just another illustrative example of the unfolding global trend to hold cybersecurity executives accountable for their companies' data breaches. In the future, we will likely see more CISOs, DPOs and board members civilly liable or even face criminal prosecution for security or privacy incidents. Many countries have already implemented – by the virtue of statutory or case law – personal accountability of executives for data breaches. Serious misconduct, such as deliberate concealment of a data breach despite the regulatory requirement to report the breach to mitigate harm, may even entail criminal sanctions.
Cybersecurity executives should urgently ascertain that their employment contracts address such vital issues as coverage of legal fees in case of a civil lawsuit or prosecution in relation to their professional responsibilities, as well as a guarantee that their employer will not sue them – as victimized companies may also sue their own executives in case of security incidents. Finally, cybersecurity executives should be always prepared to demonstrate a systemized, continually improved and comprehensive data protection and privacy strategy, as well as solid evidence of regular and coherent implementation thereof.” Read Full Article
BBC News: Former Uber security chief convicted for concealing a felony
SC Media: More than 248,000 files leaked on the dark web in LAUSD ransomware case