Gartner’s Board of Directors Survey rated cybersecurity risk as the second-highest source of risk for the enterprise, behind only regulatory compliance risk. Gartner also predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.
However, relatively few directors feel confident that their company is properly secured against a cyberattack.
Highlights:
- Cybersecurity-influenced changes are seen at the board, management and security team levels
- Nearly 70% of boards of directors (BoDs) accelerated their digital business initiatives following the COVID-19 disruption
- Almost half of boards of directors anticipate changes to their business model
- Boards need to track CISO effectiveness to assess cybersecurity preparedness
Cybersecurity focus is one of several organizational changes seen at the board level
“To ensure that cyber risk receives the attention it deserves, many BoDs are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified,” said Sam Olyaei, research director at Gartner.
“This change in governance and cybersecurity oversight is likely to impact the relationship between the board and the chief information security officer (CISO).”
The top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do IT stakeholders
Gartner’s CISO Effectiveness Index is one measure of the CISO’s contribution that boards can track as part of cybersecurity governance. Top-performing CISOs meet with their non-IT stakeholders more frequently than bottom performers do.
Gartner also predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance and marketing, up from less than 20% today.
Two-thirds of these top performers meet at least monthly with business unit leaders. About 43% meet regularly with the CEO, 45% with the head of marketing and 30% with the head of sales.
BoDs need to be aware of the convergence of cybersecurity and physical security
For asset-intensive enterprises such as utilities, manufacturers and transportation networks, security threats targeting cyber-physical systems present an increasing risk.
Attackers increasingly target weaknesses wherever they find them, as the surge in ransomware and recent supply chain attacks have shown.
It is no surprise, then, that boards of directors rank cybersecurity as the second-highest source of risk for their enterprises.
Gartner predicts that by 2025, 50% of asset-intensive organizations will converge their cybersecurity, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.