When CISOs Are Called to Testify in Courtrooms
Unilever CISO Kirsten Davies on Dealing With Legal Risks and Liabilities
The guilty verdict against Joe Sullivan, former chief security officer of Uber, has generated much discussion about CISO accountability for disclosures of breaches. How should CISOs be preparing to deal with this new responsibility? Kirsten Davies, CISO at Unilever, said communication is crucial.
Davies advised CISOs to engage with their stakeholders, the legal department, the HR department and the leadership executive team to make sure they are making holistic decisions for the organization.
"CISOs have different relationships with law enforcement around the world, in different forms of law enforcement as well, but we need to be mindful of who we're talking to in the midst of an incident," Davies said.
When an organization makes a decision about breach reporting, success ultimately boils down to using the available information to make the best possible choice.
"Along the way, there will be new inputs of information and there will be new stakeholders to engage - whether it's regulatory, law enforcement or internal stakeholders. And we just have to be making the best decisions that we can with the information that we have at the time," Davies added.
In this video interview with Information Security Media Group at RSA Conference 2023, Davies also discusses:
- A CISO's legal risks and liabilities;
- How CISOs should negotiate their recruitment terms;
- Communicating with cyber insurance providers and brokers.
Davies has expertise in business enabling, risk management, data privacy and IT and digital transformation. Her hallmarks include transformative vision casting and strategy setting, operational and organizational excellence, and enterprise enablement. Davies has worked across industries including manufacturing, finance, energy and telecom.