“The analyst firm [Gartner] expects liability for cyber-physical systems (CPSs) incidents will pierce the corporate veil to personal liability for 75% of CEOs”. By 2024 the report predicts 75% of CEOs will be personally liable for cybersecurity incidents. This means that insurance policies will no longer be able to cover the costs and damages related to a cyber incident. CEO personal liability will lead to significant financial and reputational repercussions in the event of a cyber incident.
Cybersecurity is Shifting to an Enterprise Issue
Previously, it was not the norm for CEOs to be directly responsible for cyberattacks. For example, when Equifax fell victim to one of these incidents, Moody’s downgraded their credit rating and their CIO was jailed for insider trading. Despite the fact that this attack affected 143 million consumers, no other executives were held liable. However, their CEO did resign due to the backlash the company received after the data breach. Target was a victim of a data breach in 2013 and their CEO at the time, Gregg Steinhafel resigned a few months following. In addition to reputational damage, CEOs may soon be personally liable for these…
