75% of CEOs Liable for Cyber Attacks

By Susan Moore

September 1, 2020 4:30PM 

 STAMFORD, Conn.--According to Gartner, Inc., courts will "pierce the corporate veil" to personal liability for 75% of CEOs by 2024.  Gartner's study, Financial Impact of Cyber-Physical System (CPS) Attacks, explains how rising fatalities associated with cyberattacks will drive this trend. As the internet is increasingly attached to the physical world through self-driving cars, robotic manufacturing, and remote robotic surgical procedures, CEO and board's legal responsibilities are increasing. "

In the old days," says Donald Temple, managing director at TEMVI, PLLC, "the CEO and board responsibilities around cyber security were  just about protecting money. An insurer is also more likely to pay a claim for a finite sum of money than for a loss of life or serious bodily injury. When there is a loss of life or serious bodily injury, there’s a domino effect. Newspapers and television networks are more likely to cover the cyberattack. Injured parties or their estates want the world to know. Their lawyers want to pre-condition potential jurors. They want the public to press for punitive damages based on a theory of criminal negligence. Courts become more willing to disregard the corporate or LLC shield against personal liability for the CEO and board." 

Gartner predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023. Even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines, and reputation loss will be significant. 

“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” said Katel Thieleman, research vice president at Gartner. “The more connected CPSs are, the higher the likelihood of an incident occurring.” As we move toward greater personal exposure for damages related to cyberattacks, lawyers recommend that CEOs understand their legal exposure and actively manage the IT security teams. 

"After all," says Temple "It’s important to remember that, following a cyberattack, the IT team will be updating their resumes while the CEO and board of directors will be left to deal with the financial and legal consequences"

Ayan View contributed to this article.

Copyright 2021 TEMVI, PLLC All Rights Reserved 

Schedule a Consultation With a Cyber Security Attorney Now