75% of CEOs could be jailed for suffering cyber-physical security incidents

By 2024, changes in cyber security legislation may make CEOs personally liable for cyber-physical security incidents involving their companies that may directly endanger human lives or the environment, Gartner has predicted.

Gartner said that 75% of CEOs could be held personally liable for cyber-physical security incidents if it is found that such incidents took place due to a lack of focus on cyber security or security spending. Cyber-physical security incidents have the capability of causing physical harm to people, destruction of property, or environmental disasters.

According to Gartner, cyber-physical systems are “systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans)”. These systems include all connected IT, operational technology (OT), and Internet of Things (IoT) systems and devices that are used for running asset-intensive, critical infrastructure, and clinical healthcare environments.

“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner.

“In the U.S., the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies,” she added.

Cyber attacks targeting cyber-physical systems that run critical infrastructure, healthcare systems, and other industries could result in fatal casualties in the near future, and the financial impact of such attacks will exceed $50 billion by 2023. The financial impact will include significant compensation, litigation costs, insurance payouts, and regulatory fines.

“Technology leaders need to help CEOs understand the risks that cyber-physical systems represent and the need to dedicate focus and budget to securing them. The more connected CPSs are, the higher the likelihood of an incident occurring. A focus on ORM – or operational resilience management – beyond information-centric cybersecurity is sorely needed,” Thielemann added.

Commenting on Gartner’s prediction, Boris Cipot, senior security engineer at Synopsys, told Teiss that if developed carelessly, technical equipment and products could be manipulated or abused by cyber criminals to cause harm or even death. Therefore, it is understandable why we would no longer simply issue financial penalties, but extend this to jail time as well.

“However, I do not believe that the idea is as cut and dry as saying that one has to go to jail and that’s it. There needs to be supporting guidelines on what adequate development practices are and what is expected to be followed, in order to satisfy these security standards.

“I not only believe that this will be needed but also welcomed by many companies struggling today on the security compliance front. It will also be welcomed by users who will feel more secure knowing that the software or devices they use are developed under some sort of formalized standard,” he added.

Copyright Lyonsdown Limited 2021
