Tech
CISOs in court: Balancing cyber resilience and legal accountability | Computer Weekly
Today, the role of chief information security officer (CISO) has transcended traditional boundaries, moving beyond managing firewalls and compliance checklists. The current landscape, marked by an upsurge in regulatory scrutiny and lawsuits against individual CISOs, demands a new approach.
To navigate this challenging environment, the CISO must become a legal sentinel, meticulously documenting decisions and establishing a verifiable defence of “due care” to protect both the enterprise and themselves from legal repercussions.
The paradox is that the more visibility CISOs have gained, the greater their legal exposure becomes. The solution lies in governance by design, a strategic approach that aligns cyber controls, risk metrics and executive communication around transparency and accountability to build trust among regulators, customers and investors. Governance by design is a proactive approach that integrates legal considerations into every aspect of cyber security strategy and decision-making, ensuring that the organisation is always prepared for legal scrutiny. In essence, cyber resilience and legal defensibility are now two sides of the same coin.
The legal landscape: Why CISOs are in the crosshairs
CISOs traditionally operated behind the scenes, focusing on threat prevention and response as technologists. Today, regulators expect CISOs to demonstrate not only technical competence but also governance maturity, ethical decision-making and transparency. Cyber security laws, such as the SEC’s Cyber Disclosure Rules, the EU’s General Data Protection Regulation (GDPR) and state-level privacy acts like the California Consumer Privacy Act (CCPA), impose explicit duties on organisations to report breaches promptly, maintain reasonable safeguards and ensure transparency in disclosures.
When organisations fail to meet these obligations, regulators and investors increasingly look to the CISO as the responsible executive. We can see this in class-action lawsuits that now routinely name CISOs as defendants, especially when plaintiffs allege that executives ignored warnings, underfunded security programmes or misled stakeholders.
The CISO’s emails, reports, and board presentations often become evidence in litigation, making documentation and communication practices critical risk factors in their own right. The CISO’s defence rests on demonstrating due diligence: proving that they provided the board with accurate risk assessments and that reasonable security measures were implemented, given the company’s resources and risk profile.
Protecting the organisation: Legal foresight as a security control
To protect the enterprise, CISOs must adopt a dual-lens mindset: one focused on risk reduction through technical and operational controls, and another geared to legal defensibility. Several best practices help balance these priorities, ensuring that legal implications are considered in every security decision.
- Embed legal awareness in cyber strategy: By integrating legal counsel into incident response, risk assessment, tabletop exercises, data protection impact assessments and vendor management discussions, security leaders can ensure that regulatory implications are understood before crises occur.
- Build a defensible documentation trail: CISOs must document major security decisions, such as risk acceptance, budget trade-offs and vendor selections, along with the rationale, as these records become invaluable in proving due diligence if an incident leads to regulatory review or litigation.
- Adopt a “disclosure-ready” posture: Ensuring that systems are in place for early breach detection, internal escalation and timely communication to leadership is crucial. This transparency, when clearly implemented, can mitigate reputational and legal fallout.
- Implement continuous oversight and board reporting: Presenting regular security briefings to the board that focus on measurable risk indicators, rather than just providing technical updates, helps drive accountability and distribute liability more equitably across governance layers.
Protecting the CISO: Personal legal safety nets
As accountability grows, CISOs must treat their personal risk exposure as part of professional hygiene. The following safeguards are now essential components of an executive’s toolkit:
- Directors and officers (D&O) insurance cover: CISOs must ensure that their comprehensive D&O insurance explicitly includes cyber security-related claims and personal indemnification clauses that specifically address the CISO role.
- Document and escalate material risks: If CISOs identify systemic weaknesses, such as a lack of funding, unpatched legacy systems, or noncompliance, they must formally escalate these risks to leadership and record the communication, as silence or informal discussions can later be construed as negligence.
- Establish a personal legal relationship: In high-stakes scenarios, the company’s counsel represents the organisation, not the individual. CISOs should have access to independent legal advice when handling investigations or disclosure decisions involving personal accountability.
- Maintain ethical and transparent communication: Misrepresentation is often the catalyst for prosecution. When briefing executives or regulators, the CISO must ensure that all statements are factual and appropriately qualified. Overpromising on security posture or mischaracterising an incident can backfire.
- Foster a culture of shared responsibility: The CISO should advocate that cyber security is a collective enterprise responsibility, not a siloed function. Embedding security accountability across engineering, operations and business units helps dilute individual liability and strengthen overall resilience.
Summing up
The CISO operates in one of the most demanding roles in the modern economy. Their technical expertise is what builds the defensive wall, but their diligence in governance and documentation is what creates the legal fort. By integrating legal foresight into cyber strategy, documenting transparent governance and securing personal protection, CISOs can transform potential liability into institutional resilience. CISOs must consistently demonstrate a defensible standard of reasonable security and absolute transparency to lead their organisation through an age defined by digital risk and legal scrutiny. Cyber security leadership is no longer just about protecting systems; it’s about protecting the people who defend the organisation, including the CISO and their team.
Aditya K Sood is vice president of security engineering and AI strategy at Aryaka.
LG’s High-End Soundbar System Makes My Living Room Feel Like a Home Theater
Setup was relatively quick and painless. You just have to unbox four speakers, a soundbar, and a subwoofer, attach their power cables, and plug in everything. Pairing happens through the LG ThinQ app, which allows you to set up the Sound Suite system and tune it to exactly where you’re sitting in the room using your cell phone’s microphone.
You can also set up each speaker to play music and group it with any other LG smart speakers you might have around your home, like the more affordable $250 M5 bookshelf speaker, to create a whole-home system.
Once all the components were synced, I plugged the soundbar into the C5 OLED via HDMI, and was able to easily control everything via the TV remote’s volume and mute buttons. More in-depth settings had to happen in the app, but if you’re anything like me, this won’t become a regular chore. You’ll set it how you like it once and move on. While the pairing functionality with the LG TV was nice, it’s not required–the eARC port lets the Sound Suite work perfectly with any modern TV.
The bar itself runs the show, with a black-and-white display on the far left that shows your mode and volume, among other settings. In the center of the bar and below each speaker, an LED light strip also shows you the volume when you change it, which is a nice touch.
Getting Musical
The sound of the LG Sound Suite is full and cinematic, thanks in no small part to the extra dedicated speakers. Most competitors lack front left and right, simply opting to use the soundbar for these channels. As such, the width and breadth of the soundstage were bigger than most competitors I’ve tried, with only Samsung’s flagship HW-Q990F as a real contender. Even the Samsung lacked the lower-frequency audio quality that these LG speakers provide.
‘The Last Airbender’ Leaked Online. Some Fans Say Paramount Deserves the Fallout
The online leak of a full version of Avatar: Aang, The Last Airbender—a highly anticipated animated film in a multimedia fantasy franchise—has divided passionate fans while upsetting those who spent years working on the film.
The leaks began on X late on Saturday night, about six months before Aang was scheduled to premiere on Paramount+. User @ImStillDissin posted two short clips from the film. “Nickelodeon accidentally emailed me the entire Avatar aang movie,” he claimed. He also threatened to stream the entire movie if Paramount didn’t release an official trailer, and he posted a still from the movie’s end credits, revealing previously undisclosed voice-over cast and roles. The media from @ImStillDissin’s posts were later hit with copyright strikes and removed.
But within 48 hours, links to download the full movie appeared on 4chan and X, where some users also directly streamed the film. Across the web, fans said they had successfully pirated and watched what appeared to be a nearly finished and “beautiful” animated film.
While some argued that Paramount deserved to be punished because of certain creative and marketing decisions around the movie, others noted what a blow the leak was to the animators and production crew. A number of those team members took to social media to convey their sadness and frustration.
“We worked on the aang movie for years with the expectation that’d [sic] we’d get to celebrate all of our hard work in theaters. Just to see people unceremoniously leak the film and pass our shots around on twitter like candy,” animator Julia Schoel wrote Tuesday on X.
The user behind @ImStillDissin, who would not reveal his real name due to fear of legal repercussions, tells WIRED that he obtained the movie almost by chance and did not expect his posts to set off such a crisis in the entertainment world. “When I posted those clips I was purely trolling,” he says. “I was expecting a day of clout farming at best, not for the whole thing to blow up like this.”
(While WIRED has done its due diligence in verifying that the person speaking to us was behind the @ImStillDissin X account, we acknowledge that the hacking community is known to troll.)
According to @ImStillDissin, a screen-grabbed version of Avatar: Aang, The Last Airbender was circulating among people he knew from his days in the hacking community, one of whom shared it with him. “Broadly speaking, the supply chain for movies and TV is rife with insecure companies and vendors and lax checks,” he claims. He notes that two different SpongeBob SquarePants movies leaked months before their release dates in 2024. “Someone on 4chan who wasn’t happy at me drip-feeding stuff posted a copy of a draft script [of the new Avatar film] from like two years back,” says @ImStillDissin.
Neither Nickelodeon nor its parent company Paramount have confirmed a hack had taken place, nor have they issued a statement on the matter. They also did not respond to requests for comment.
Originally announced in 2021, Avatar: Aang, The Last Airbender marked the first production for Avatar Studios, a division of Nickelodeon’s animation department.
Some people felt justified in pirating and sharing the movie due to the recasting of voice actors. Last year, during a Reddit AMA, casting director Jenny Jue wrote that the voice cast from the Avatar TV show that aired on Nickelodeon in the 2000s was not returning due to efforts to “match actors’ ethnic/racial background to the characters they’re portraying.”
NASA Wants to Put Nuclear Reactors on the Moon
Having demonstrated that it has the operational capability to transport humans safely to the moon and back, the United States is moving on to its next major aim: It wants nuclear reactors in orbit and on the lunar surface by 2030. For such a feat, the National Aeronautics and Space Administration will have to work in conjunction with the Department of Defense and the Department of Energy.
In a post on X, the White House Office of Science and Technology Policy (OSTP) unveiled a document with new guidelines for federal agencies to establish the space nuclear technology road map for the coming years. This, they say, will ensure “US space superiority.”
At present, space instruments use solar power to operate. However, this is considered impractical for more complex purposes. Although technically there is always sunlight, the power is intermittent and almost always requires bulky batteries to store it.
Reactors produce fairly continuous energy for years through nuclear fission. They can also be used for so-called nuclear electric propulsion. Continuous output makes them the most viable option for lunar base subsistence, but they can also allow spacecraft to undertake long or complex missions without worrying about depleting a limited supply of chemical fuel.
Nuclear technology, in short, makes it possible to go farther, with more payload, for longer, and with fewer constraints.
According to the memorandum, the US goal is to put a medium-power reactor in orbit by 2028, with a variant designed for nuclear electric propulsion, and a first functional large reactor on the surface of the moon by 2030. To achieve this, both NASA and the Pentagon will develop energy technologies in parallel, using the current strategy of competition among contractors.
The reactors will have to be modular and scalable, and will have to include applications for both future life on the moon and space propulsion. For its part, the DOE will have to ensure that these projects have the fuel, infrastructure, and safety features necessary to achieve their objectives. In addition, the agency will evaluate whether the industry has the capacity to produce up to four reactors in five years.
The plan contemplates technologies that produce at least 20 kilowatts of electricity (kWe) for three years in orbit and at least five years on the lunar surface. In the meantime, they should have a design capable of raising power to 100 kWe. The first designs should arrive within a year.
Finally, the order tasks the OSTP with creating a road map for the initiative, noting obstacles and recommendations for addressing them.
“Nuclear power in space will give us the sustained electricity, heating, and propulsion essential to a permanent presence on the moon, Mars, and beyond,” OSTP posted. For his part, NASA administrator Jared Isaacman posted, “The time has come for America to get underway on nuclear power in space.” The message was followed by an emoji of a US flag.
The plan provides a common framework for each agency to work within. In the background, the race for space infrastructure is evidence of technological competition with China, which is also seeking advanced energy capabilities for the moon.
This story originally appeared in WIRED en Español and has been translated from Spanish.
