Wednesday, May 29, 2024

88% of Boards of Directors View Cybersecurity as a Business Risk

Eighty-eight percent of Boards of Directors (BoDs) view cybersecurity as a business risk, as opposed to a technology risk, according to a new survey* from Gartner, Inc. However, only 12% of BoDs have a dedicated board-level cybersecurity committee.

The 2022 Gartner Board of Directors Survey was conducted online from May through June 2021 among 273 respondents in the U.S., Europe and APAC who served in a board of director role or as a member of a corporate board of directors.

“It’s time for executives outside of IT to take responsibility for securing the enterprise,” said Paul Proctor, distinguished research vice president at Gartner. “The influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation- and mission-critical environments, should be a wake-up call that security is a business issue, and not just another problem for IT to solve.”

Even as business leaders are aware of the need to secure the enterprise against new and evolving threats, responsibility for security mostly lies with IT leadership. A recent Gartner survey found that in 85% of organizations, the CIO, CISO or their equivalent was the top person held accountable for cybersecurity. Just 10% of organizations held non-IT senior managers accountable.

The “2021 Gartner Global Security and Risk Management Governance” survey was conducted between April and May 2021 among 625 respondents across North America, EMEA, APAC and Latin America at organizations with at least 100 employees and $50 million in total annual revenue.

Reframe Cybersecurity Investments from a Business Lens

Recent research has found that 66% of CIOs intend to increase cybersecurity investments in the coming year. However, Gartner projections show that overall growth in cybersecurity spend will slow through 2023.

“After years of such heavy investment in security, Boards are now pushing back and asking what their dollars have achieved,” said Proctor.

As security budgets shrink, CIOs and CISOs will need to collaborate closely with executive leadership to reframe cybersecurity investment in a business context. For example, CISOs can offer a range of protection options to business leaders with the costs and risks of each choice clearly outlined.

“CIOs and CISOs must leverage their expertise to increase transparency around investment and risk, to drive shared accountability for security across the business,” said Proctor.

Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is certified in CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.
