Top Management Will Be Liable For CSP Incidents

Gartner research predicts that in four years the top management of companies that suffer cyber-physical security (CSP) incidents will routinely be held liable, especially those incidents that involve fatalities. Gartner defines CPSs as “systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans).” The security implications for such systems are heightened as IT systems, IoT and the operational technology that controls physical systems converge. Physical systems that were previously separated can now be reached through a compromised IT network or IoT endpoint. At the same time, many companies are unaware that they have operational technology systems connected to enterprise networks. They may not be following proper network segmentation or other precautions. According to Gartner, “incidents can quickly lead to physical harm to people, destruction of property or environmental disasters.” Katell Thielemann, research vice president at Gartner, suggests keeping an eye out for any regulation that might come into force as a result of the first cyber-physical casualty.”