“There is a pattern of increased accountability which presents a major concern for management teams and CEOs. In the very near future, negligence in cybersecurity could put you in jail,” says Piet Delport, Assistant Professor at Noroff University College.
He provided a recent and shocking example: In September, German police opened a homicide investigation after a woman died during a ransomware attack. The ransomware reportedly invaded 30 servers at Düsseldorf University Hospital, crashing systems and forcing the hospital to turn away emergency patients.
As a result, a woman in a life-threatening condition was sent to a hospital 30 kilometers away and died from treatment delays. German prosecutors are investigating possible manslaughter charges against the cybercriminals.
Since the hackers took advantage of a well-known vulnerability, which Germany’s national cyber-security authorities say they warned about as early as January, it is speculated that hospital management could also be held responsible.
“We will soon see a new standard of accountability. CEOs might end up in jail due to negligent homicide as a result of inadequate IT security measures. This new risk will hopefully drive information security strategies,” says Delport.
“In 2002, the Sarbanes-Oxley Act came as a result of mismanagement in large accounting firms. In 2018, GDPR was introduced to focus on data subjects' rights. So what is next? Increased accountability for cyberattacks that could have been prevented,” says Delport.
His talk at the online cyber security conference Security Talks 2020 on Tuesday was titled “IT security, how concerned should I be?” Without offering a direct response, Delport left a clear impression that the answer could be summarized in one word: