93% of organizations updated policies to address CISO liability risks due to regulatory shifts, including increased board involvement and enhanced legal support. Key incidents like the Uber CISO conviction prompted this change. However, a lack of clarity over accountability for cybersecurity incidents persists, with only 36% of firms clearly defining roles.
https://www.infosecurity-magazine.com/news/ciso-liability-risks-policy-changes/