Gartner Says CEOs to be Personally Liable for CPS Breaches
Gartner defines Cyber-Physical Systems (CPS) as those systems “that are engineered to orchestrate sensing, computation, control, networking, and analytics to interact with the physical world, including humans”.
CPSs include many IoT, IIoT, critical infrastructure such as electric and water and healthcare systems, among others.
Gartner predicts that the LIABILITY from cyber incidents will fall DIRECTLY onto many CEOs by 2024. They say that CPS incidents will pierce the corporate veil and hold CEOs personally liable in 75% of the cases.
If you run a company, that should make you nervous.
In part, this is because regulators will increase rules and regulations governing these breaches.
Given that we are seeing a dramatically increasing frequency of alerts from the FBI, NSA, CISA and others, it is going to be hard for CEOs to claim they just didn’t know or understand.
Not even considering the cost of loss of human life, the costs of litigation, insurance, regulatory fines, compensation and reputation damage will be significant, they say.
Gartner says that the financial impact of CPSs resulting in casualties to human life (a small percentage of the total events) is predicted run up a $50 BILLION bill by 2023.
While many companies claim that they don’t run any cyber physical systems, the reality of the story is that even if the do not run any today, that will be technically impossible in a couple of years because there will be no other options available.
Try telling your electric company that you don’t really want a smart meter. For now, my electric company will allow me to keep my old, dumb meter, but they will tack on a $20 per month meter reading fee plus a one time $80 setup fee. As their smart meter rollout completes, that fee could be $50 or $100 a month as the person they have to keep on staff might only have a few meters to read each month. Expect the option to choose to go away in a couple of years.
In addition, there will be benefits to the company of smart systems – possibly lower costs and also the impossibility of keeping good employees without them.
Finally, companies will need to install smart systems in order to support customers who have at their location.
Bottom line, CEOs who do not up their security game may find themselves personally in court defending themselves. Credit: ZDNet