A report has emerged stating that the majority of CEOs will be held accountable for data breaches by 2024, as both the frequency and severity of cyber-attacks and data breaches grow.
The report comes from Gartner, which predicts that liability for cybersecurity within organisations will “pierce the corporate veil” and affect as many as 75% of CEOs by 2024 in the event of a cyber-attack or data breach.
Analysts at Gartner forecast that cyber security incidents will “rapidly increase” in the near future and that, as a result of a lack of emphasis on cyber security and a lack of resources allocated to it, the impact will dethrone a number of high-level CEOs when their organisations are breached.
The risk of cyber attacks is set to be compounded by the number of Internet of Things (IoT) devices coming online, as well as by critical infrastructure being left underprotected from outside attackers. Gartner says that with autonomous vehicles, smart cities, buildings and devices now connected to the internet, incidents in the digital world will have a “much greater effect” in the physical world, as risks, threats and vulnerabilities now exist in a bidirectional, cyber-physical spectrum.
Gartner forecasts that the impact of cyber attacks, including those that result in human fatalities, will hit USD $50 billion by 2023. Gartner notes that this does not take into account “the actual value of human life into the equation, the costs for organisations in terms of compensation, litigation, insurance, regulatory fines and reputation loss.”
Katell Thielemann, research vice president at Gartner, says that “regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing the rules and regulations governing them.”
Thielemann went on to explain that “in the U.S., the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry.”
“Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies,” she added.
“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them… the more connected CPSs are, the higher the likelihood of an incident occurring,” Thielemann said.