CEOs to be held liable for security breaches


Friday, 04 September, 2020


CEOs to be held liable for security breaches

Gartner predicts that liability for cyber-physical security incidents will pierce the corporate veil to personal liability for 75% of CEOs by 2024. Due to the nature of cyber-physical systems (CPSs), incidents can quickly escalate to causing physical harm to people, destruction of property and environmental disasters. Gartner analysts predict that incidents will rapidly increase in future due to a lack of security focus and spending currently aligning to these assets.

Gartner defines CPSs as systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). CPSs underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical healthcare environments.

Katell Thielemann, Research Vice President at Gartner, noted that regulators and governments will react promptly to an increase in serious incidents arising from failure to secure CPSs, drastically increasing rules and regulations governing them.

“In the US, the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies,” said Thielemann.

Gartner predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023 , with significant costs for organisations in terms of compensation, litigation, insurance, regulatory fines and reputation loss.

“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them. The more connected CPSs are, the higher the likelihood of an incident occurring,” said Thielemann.

With OT, smart buildings, smart cities, connected cars and autonomous vehicles evolving, incidents in the digital world will have more effect in the physical world as risks, threats and vulnerabilities exist in a bidirectional, cyber-physical spectrum. However, many organisations are not aware of CPSs already deployed in their organisation, either due to legacy systems connected to enterprise networks by teams outside of IT or because of new business-driven modernisation efforts.

“A focus on ORM — or operational resilience management — beyond information-centric cybersecurity is sorely needed,” said Thielemann.

Image credit: ©stock.adobe.com/au/Vitalii Vodolazskyi

Related Articles

Digital experience is the new boardroom metric

Business leaders are demanding total IT-business alignment as digital experience becomes a key...

Data quality is the key to generative AI success

The success of generative AI projects is strongly dependent on the quality of the data the models...

The top hurdles that will keep Australian CDOs up at night in 2024

The era of AI promises plenty of potential but this also guarantees increased complexity for...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd