In the hottest chair of digitization – the CISO’s (Part 1)


May 4, 2022, by Horst Buchwald

San Francisco, 5/5/2022
Cybersecurity and data protection are expected to become major litigation drivers. What litigation risks should CISOs be most concerned about and what can they do about them?
When massive litigation threatens, it robs many a chief executive of sleep.

The proliferation of data protection, privacy and cybersecurity laws and regulations means that the "law" factor will become increasingly significant in the future. That was the conclusion of a recent Norton Rose Fulbright survey, in which more than 250 legal counsel and internal litigation experts participated. Two-thirds of survey respondents said they expect to be more exposed to these types of litigation in 2021 than ever before.
Because the number of cyberattacks is increasing significantly, governments, industry and regulators see this as reason enough to clarify what constitutes poor security. Whether despite or because of the differing opinions on that question, this opens the door to litigation.
Examples of significant data breaches:

– May 2019: Some 900 million sensitive financial documents from First American financial services company were stolen and then stored on public servers. Access was available to anyone.
– By April 2019, more than 540 million Facebook user records were on unprotected servers.
– 2018: Hackers had penetrated Marriott's reservation system and were able to access 500 million hotel guests' private information.
– 2016: A data theft compromised more than 412 million accounts on an Internet dating site. A group of Eastern European hackers stole more than 160 million records from companies such as Nasdaq and 7-Eleven.

Often, the consequences of such events are a huge burden for companies. Here, insiders point to TikTok, which is facing a €1.5 billion lawsuit in the Netherlands. Similar claims are being made in the UK and Germany.
This brings into focus a job that some call a "dream job," while others wonder why anyone would voluntarily sit in the hottest chair in the age of digitization. We're talking about the Chief Information Security Officer (CISO).
CISOs under fire
The heart of digitization is software. Because there is no such thing as one hundred percent flawless software, most companies, government agencies and institutions are a target for hackers. To protect against this, the job of a Chief Information Security Officer (CISO) was created.
In many cases, this is a "home grown" job in Germany. These are people who set up the first and subsequent networks in their company on the side, survived a few hacks, continued their education and are now finding out that they are out of their depth as "lone wolves". Hackers have become faster and more sophisticated. The majority of CISOs come into the company from the outside and find that they are not exactly welcomed with open arms. The security awareness of the employees is not exactly pronounced; on the contrary, it is at a low level. When a CISO wants to change that, he usually encounters entrenched structures. Many employees think that the fuss made by the newcomers is exaggerated. Nothing has happened in 10 years, so why now? Some even claim that these new guys are disturbing industrial peace. In short, if you start work under these conditions, your job is no bed of roses. You are constantly on the hot seat. What are CISOs for? What does their scope of duties usually look like?
The tasks of a CISO:
– Designs a holistic security network for the company. In doing so, technology and organization as well as culture and supply chain are important areas he or she has to keep an eye on all the time.
– Pushes reputation management.
– Must initiate and follow through with effective communication measures in the event of a crisis.
– Establishes identity and access management.

What personal requirements must a CISO be able to demonstrate?
– Basic knowledge of software development and IT management processes
– Comprehensive knowledge of security technologies, standards, laws and processes
– Several years of experience in IT security
What does a CISO earn?
This depends on the following factors:
– Company size
– Company location
– Line of business
– Work experience
The average salary for a CISO is 171,000 euros gross per year. Top salaries start at 222,000 euros.