Hackers, viruses, and other online threats don't just create headaches for Internet users -- they could also create prison sentences for corporate executives, experts say.

Though business groups have lobbied successfully against laws focused on cybersecurity, companies that don't make efforts to secure their networks could face civil and criminal penalties under an array of existing laws and court decisions, according to security and legal experts.

[...]

Though health-care, banking and deceptive-business laws all create security obligations, a new accounting-reform law being phased in is likely to have the biggest impact.

The 2002 Sarbanes-Oxley Act holds executives liable for computer security by requiring them to pledge that companies' "internal controls" are adequate, and auditors are starting to include cybersecurity in that category, said Shannon Kellogg, director of government affairs at RSA Security.

[...]

[CLB: nice overview article.]