The criminal conviction of former Uber security officer Joseph Sullivan for concealing a data breach is a high-profile reminder to corporate executives of their roles—and potential liability—in company security practices.
The US Department of Justice’s prosecution of Sullivan sends a signal to company executives that they risk sanctions if they don’t handle such episodes properly, attorneys and cybersecurity experts said.
“The Justice Department has made a calculation that they will ultimately empower certain C-suite executives to demand more resources and attention paid to compliance if they hold those executives responsible,” said former federal prosecutor Renato Mariotti, who is now a ...