CISO Criminal Liability: Understanding the US v. Joe Sullivan Trial 

In 2016, Uber experienced a data breach that compromised the personal information of 57 million users and 600,000 drivers. In response to a ransomware demand from the hackers that had targeted the ride-sharing app, the company’s chief information security officer (CISO), Joseph Sullivan, attempted to cover up the data theft and mislead regulators. In 2022, Mr. Sullivan was found guilty of multiple charges relating to this incident. Today, as regulatory demands increase in response to ever-rising cybersecurity threats, many are asking what this ruling means for the criminal liability of CISOs and other business executives.  

• Attorneys will find this discussion of liability and boundaries of duty an essential tool to counseling businesses on cybersecurity legal and regulatory risk management. 
• CISOs and Technology Executives: In his sentencing of Joseph Sullivan, Judge Orrick stated that “if I have a similar case tomorrow, even if the defendant has the character of Pope Francis, they would be going to prison.” While today, most regulators and company boards understand that during a cybersecurity incident, CISOs operate with incomplete and rapidly developing information, there are boundaries to the CISO’s responsibilities and authority. This webinar is your opportunity to understand the relationship between your role, relevant laws, and when it is appropriate to seek counsel.  

In this seminar, our expert panelists give a comprehensive overview of the U.S. v Joseph Sullivan case, beginning by introducing the facts of the case and explaining from a legal perspective the relevant technical information of the case. Next, our speakers discuss the charges against Mr. Sullivan and the issues considered in the case. Our speakers then review the ruling and provide observations about the outcome of the case, concluding with key takeaways about what this case means for criminal liability for CISOs. 

Topics covered in this webinar:    

1. CISO Criminal Liability: U.S. v. Joseph Sullivan  

2. Facts and Background  

3. Issues and Charges  

4. Ruling, Sentencing, and Observations  

5. Key Takeaways: Dispelling Cyber Criminal Liability Rumors 

FEATURED SPEAKERS: