Holding executives and employees personally responsible for data breaches appears to be gaining traction within IT and cybersecurity communities and global political arenas. Let’s explore a few examples and see what this might mean for the future of cybersecurity.
Back in 2009, data from a survey by Websense (now Forcepoint) showed that 30% of 104 security professionals surveyed thought company leaders should be held accountable for security-related shortcomings. The respondents indicated that “CEOs and board members should face imprisonment for exposing consumers’ confidential data.” At the time, that was quite a hot take on data breach responsibility and consequences, or was it?
Since then, support for this idea seems only to have grown. Over the past few years, we’ve started to see real criminal charges and convictions handed out in response to data breaches. We’re not talking about charges against the cybercriminals who commit these attacks. No, we’re referring to lawsuits and even criminal charges against the targeted organizations’ executives and other employees for blatant negligence or reckless behavior.
In 2020, Gartner predicted that three in four CEOs would be held ‘personally liable’ for cyber attacks and security incidents regarding cyber-physical security systems (CPSs) by 2024. Gartner’s analysts predicted that dangerous or even fatal incidents involving these systems would increase due to small cybersecurity budgets and low prioritization of securing these systems.
This article explores several examples of CEOs, executives, and other employees facing charges or receiving convictions due to cybersecurity incidents and data breaches.
Let’s hash it out.
The post Data Breach Responsibility & Consequences: Should Execs & Employees Be in the Hot Seat? appeared first on Hashed Out by The SSL Store™.