
40% of CISOs Fear Personal Legal Liability After a Breach
The accountability model has shifted. What that means for IAM (based on conversations with hundreds of CISOs throughout the years).

The post highlights that CISOs increasingly view Identity and Access Management (IAM) failures as career-threatening risks, driven by underfunding, organizational silos, and emerging threats like deepfake job applicants. It notes that outdated issues such as privilege creep and unmonitored accounts remain common breach causes, while Zero Trust adoption is seen as a gradual process requiring cultural and technical alignment. Success in IAM depends on executive support, continuous governance, and breaking down tooling fragmentation rather than just deploying products.