SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
Wed, 2nd Sep 2020
FYI, this story is more than a year old

Within the next four years, liability for cyber-physical security incidents will pierce the corporate veil to personal liability for three out of every four CEOs, according to new research from Gartner.

Cyber-physical systems (CPSs) are systems engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world – including humans.

CPSs are critical to all connected IT, OT and IoT processes where both the cyber and physical worlds are affected by security considerations.

According to Gartner, the nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner's new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.

“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” says Gartner research vice president Katell Thielemann.

“In the US, the FBI, NSA and Cybersecurity and Infrastructure Security Agenda (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry.

“Soon, CEOs won't be able to plead ignorance or retreat behind insurance policies.

The financial impact of CPS attacks resulting in fatalities will reach over US$1 billion by 2023, according to Gartner.

“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” says Thielemann.

“The more connected CPSs are, the higher the likelihood of an incident occurring.

Thielemann goes on to say that with operational technology, smart buildings, smart cities, connected cars and autonomous vehicles evolving, incidents in the digital world will have a much greater effect in the physical world as risks, threats and vulnerabilities now exist in a bidirectional, cyber-physical spectrum.

However, many enterprises are not aware of CPSs already deployed in their organisation, either due to legacy systems connected to enterprise networks by teams outside of IT, or because of new business-driven automation and modernisation efforts.

“A focus on ORM – or operational resilience management - beyond information-centric cybersecurity is sorely needed,” says Thielemann.

Gartner's research comes as the company recently named Adobe a Leader in the 2020 Magic Quadrant for Digital Commerce.

It is the fourth year that Adobe has been named a Leader, and this year, Adobe achieved the highest placement on the ability to execute axis in the Leaders quadrant of the 15 participating vendors that were evaluated on their ability to execute and completeness of vision.