Research and advisory firm Gartner estimated that nearly 75% of CEOs will be personally liable for the financial impact due to the growing Cyber-Physical System (CPS) attacks by 2024. In its report, Gartner stated that CPS security incidents can lead to physical damage to people and destruction of assets in a rapid space, and environmental disasters. It also predicted that CPS incidents will increase in the coming years due to lack of focus and investment in cybersecurity.
What is Cyber-Physical System?
A cyber-physical system is a computer system in which a mechanism is controlled by a computer-based algorithm. CPSs are engineered to orchestrate sensing, computation, control, networking, and analytics to communicate with the physical world.
“Cyber-physical systems underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical health care environments,” Gartner said.
According to Gartner, the financial loss due to CPS attacks will reach over $50 billion by 2023. In addition, the costs to organizations in terms of compensation, litigation, insurance, and regulatory fines will be higher.
Katell Thielemann, Research Vice President at Gartner said, “Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them. In the U.S., the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry.”
Thielemann added, “Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them. The more connected CPSs are, the higher the likelihood of an incident occurring. A focus on ORM – or operational resilience management, beyond information-centric cybersecurity is sorely needed.”
It is essential to note that damages in the digital world have an adverse impact in the physical world, since vulnerabilities and risk vectors exist in a cyber-physical spectrum.