As factories, power plants, water systems etc. are run by computers rather than humans it looks like the CISO will stop being the only fall-guy when things go wrong. My company works with a number of technology vendors to find and secure Operational Technology (OT) as well as the more usual IT. As 5G becomes embedded in both business and personal life this problem will grow like topsy…:
[…] Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to people, destruction of property or environmental disasters. Gartner analysts predict that incidents will rapidly increase in the coming years due to a lack of security focus and spending currently aligning to these assets.
“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner.
“In the U.S., the FBI, NSA and CISA have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”
The financial impact of CPS attacks resulting in fatal casualties is predicted to reach over $50 billion by 2023. Even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant.
“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” said Ms. Thielemann. “The more connected CPSs are, the higher the likelihood of an incident occurring.”