As ISPs deploy managed customer-premises routers, firewalls, and security services, the boundary between connectivity and security responsibility becomes increasingly blurred. Business customers often assume the provider is accountable for security outcomes, while ISPs intend to deliver availability and device health. This gap creates operational friction and exposes both the company and the CTO to legal, contractual, and reputational risk.

This session helps CTOs establish and enforce a clear shared-responsibility model for managed CPE before an incident occurs. The discussion examines common liability scenarios, including firewall misconfigurations, firmware vulnerabilities, and supply-chain risks, and connects regulatory and contractual obligations to real architectural and operational decisions. Attendees will leave with guidance on how to define scope, document responsibility, and align internal teams and partners to reduce ambiguity when something goes wrong.