Time to lawyer up, CIOs. As Donna Seymour, CIO of the U.S. Office of Personnel Management, faces a lawsuit for her role in failing to protect millions of personal data files of employees, CIOs generally should expect to be sued in increasing numbers over cybersecurity issues, one attorney says.
“We are absolutely going to see more CIOs taking the fall and ultimately being named in lawsuits,” said Matthew Karlyn, a partner at Foley & Lardner LLP.
Key to a good defense will be to demonstrate a methodical, attentive approach to conceiving, installing, monitoring and adapting cybersecurity measures, Mr. Karlyn said. Although CIOs may be sued, they may not be judged liable if they can show proof of carrying out these fiduciary responsibilities, he said. “They have to play an active role,” he said.
CIOs and other C-level executives will increasingly be held accountable in court and other public venues, Mr. Karlyn predicted. Ms. Seymour, for example, stood for questioning by Congress about the break-in. The exchanges were at times hostile, with Rep. Jason Chaffetz (R., Utah) and Rep. Ted Lieu (D., Calif.) calling for Ms. Seymour and Ms. Archuleta to resign.