CISOs are still often not considered C-suite, and rarely get called to boardrooms.
Commensurating with the new risks for a CISO, a seat in the C-suite, E&O coverage, and nice parachute are the minimum CISOs should get.
Edit: I understand that in this case there were false statements made. That still does not remove the new risk for other CISOs to be dragged into quagmires they were not responsible for (see regulation discrepancies between various US, UK, or EU departments).
Commensurating with the new risks for a CISO, a seat in the C-suite, E&O coverage, and nice parachute are the minimum CISOs should get.
Edit: I understand that in this case there were false statements made. That still does not remove the new risk for other CISOs to be dragged into quagmires they were not responsible for (see regulation discrepancies between various US, UK, or EU departments).