CISO Trainings , Events , Leadership & Executive Communication

Protecting CISOs From Taking the Blame

Troutman Pepper Attorney on the CISO-General Counsel Partnership - or Lack of It
Ron Raether, partner, Troutman Pepper

In the wake of high-profile incidents at Uber and Twitter in 2022, both CISOs and their general counsels can learn valuable lessons. The case studies show how CISOs have been made scapegoats when organizations are faced with a breach and looking for someone to blame. But there are ways to improve collaboration, says Ron Raether, partner at Troutman Pepper.

See Also: The Operationalization of Threat Intelligence Programs

Much of the friction, Raether says, is the result of ignorance. The general counsel doesn't fully understand technology and information security. Raether advises a dynamic shift in the organization's culture, beginning with education and effective communication. CISOs also should have allies within the organization where historically they may not have built connections.

"Just like a CISO, a general counsel might be seen as the individual that is a cost center, that says 'no' to projects and is seen as an impediment to revenue generation or product functionality," he said. "Being able to bring in these resources together to act unanimously is going to help instill some of those cultural changes that are needed to reduce the overall risk profile of an organization."

In this video interview with Information Security Media Group at RSA Conference 2023, Raether also discusses:

  • What the Uber and Twitter cases tell us about the relationships between CISOs and their general counsels;
  • Options to consider before paying a ransom;
  • Why and how the relationships between CISOs and their general counsels can be improved.

Raether leads the cybersecurity, information governance and privacy team at Troutman Pepper. He has assisted companies in navigating federal and state privacy laws for over 20 years and has counseled clients on operationalizing the California Consumer Privacy Act of 2018. Raether represents clients in data aggregation and analytics, mobile applications, payment technologies and IoT.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.