Gartner predicts more CEOs will be personally responsible for cyber-physical security incidents by 2024.
By 2024, 75% of CEOs will be held personally responsible and accountable for failing to protect systems from cyber incidents, according to a new report from Gartner. The number of incidents will increase significantly in the coming years due to a current lack of security focus and spending aligned with these assets.
Cyber-Physical Systems (CPSs) are engineered to orchestrate computation, control, networking, and analytics to interact with the physical world. Hence, they underpin all connected IT, OT, and IoT efforts. The economic implications of CPS attacks resulting in fatalities are expected to increase. According to the report, the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023.
“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner. “In the U.S., the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”
The research firm noted that companies’ costs in terms of compensation, litigation, insurance, regulatory fines, and reputation loss will be huge. It is essential for business and IT leaders to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them.
Enterprises find it challenging to monitor their networks because they are often unaware of the possible threats that enable hackers to attack. The report says that several companies are also unaware of CPSs already deployed, either because legacy systems were connected to their networks by outsourced IT teams or because of new business-driven automation and modernization efforts.
CEOs need to realize that, along with driving innovation, growth, and company direction, cybersecurity readiness is also a responsibility they need to spearhead. It is also important to establish and nurture a security-minded culture across the board, partners, and even outside vendors.