Personal liability for CEOs

Business leaders to be accountable

According to Gartner, CEOs will be personally liable for cyber-physical security incidents by 2024. No longer just an IT related issue, the facts are that such things can rapidly escalate & cause physical harm to people and destruction of property. Analysts predict that such incidents will rapidly increase in future due to a lack of focus and spending in this area.

What is a cyber-physical system?

Gartner defines Cyber-physical Systems (CPSs) as those that are designed to "orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans)".

Though often not factored into compliance or risk assesment, these systems have become pervasive, and support many aspects of corporate and organisaional infrastructure including asset-intensive and critical systems such as clinical healthcare environments.

Issues in the digital world will increasingly have much more effect in the physical one because of the increasing interdependency between the two. And to compound the issue, many such vulnerabilities exist in legacy environments that have been connected to enterprise networks by teams outside of an organisation's core infrastructure.

What can be done now?

It is recommended that business leaders establish a clear and demonstrable organisational culture to establish good governance and proactive compliance, together with the ability to assess and interpret risk effectively.

  • Provide a clear vision
  • Develop a consistent roadmap
  • Establish accountability

The complexity of regulations makes it challenging for organisations and administrators to formulate specific actions that can be taken to meet compliance requirements, and it can be overwhelming to know where to start and what to implement. Executives are more likely to subscribe to a vision when it is laid out in non-technical terms - it is crucial to support business outcomes rather than just protecting critical systems.

It is imperative to have a data strategy and governance framework in place, as this will siginificantly improve an organisation's ability to analyse risk and produce actions and reporting as required. Improving the effectiveness of compliance and risk controls will best position any organisation to face an uncertain future of increasing challenges.

In the US, the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.

Katell Thielemann, Research Vice President at Gartner

Pali GRC simplifies your governance, risk and compliance (GRC) activities and saves you precious time and money, and ensures standards and consistency across the enterprise

ProbityPro Probity

ProbityPro manages the complete probity and procurement cycle, with the flexibility needed to accommodate an organisation's nomenclature, procurement processes and governance, workflows and more.