The drumbeat of hack-related headlines is getting louder. Last year, J.P. Morgan Chase announced that a cyber-attack over the summer may have compromised the information of 76 million households and roughly 7 million small business customers. Cyber-criminals stole 60 million credit card numbers from Home Depot in 2014, and the hack on Target reportedly cost the company $148 million. Last year, hackers also broke into the iCloud accounts of a number of celebrities and released nude photos of those targeted.

First the Attack. Then the Lawsuit?

As cyber threats and attacks become more prevalent, there is a very real risk of litigation against affected businesses, and it’s not just the company that is at risk. Chief Information Officers (CIOs) and other IT security leaders are increasingly being named in lawsuits following a cyber breach.

6 Precautionary Measures CIOs Need to Take

If you’re a CIO, Chief Information Security Officer (CISO) or hold leading responsibility for the integrity and security of your corporation’s IT and information security systems, consider taking these actions to reduce the risk that you will be targeted in litigation following a breach.

  1. Brief leadership, including the board, on a regular basis on the company’s major cyber risks.
  2. Be prepared to demonstrate the steps you’re taking to protect information technology.
  3. Ask that you be covered by corporate insurance and indemnified in the event of a lawsuit. Even though a breach can rarely be blamed on one individual, it is prudent to be protected.
  4. Ensure that proper cyber risk-related education, training and policies are up to date.
  5. Conduct a third-party risk assessment related to data-management risks.
  6. Establish an incident response plan and train regularly on it.

While the risk of a breach is always real, the actions you take well in advance can do more than protect the company’s information, reputation and customer relationships. They can also help you insulate and protect your own professional career.

This blog is for informational purposes only and does not constitute a legal opinion or advice.