According to a new report from Gartner, 88% of boards of directors perceive cybersecurity to be a business risk rather than a technical risk. Only 12% of boards, on the other hand, have a dedicated cybersecurity committee.
During the Gartner Security & Risk Management Summit Americas, a virtual event that took place on Thursday, Gartner analysts discussed the need to treat cybersecurity as a business decision.
Although business leaders are aware of the need to protect the business from new and emerging risks, IT leaders are primarily responsible for ensuring safety. According to a recent Gartner survey, the CIO, CISO, or their equivalent was the top person held accountable for cybersecurity in 85% of firms. Only 10% of companies held non-IT senior executives accountable.
“IT and security leaders are often considered the ultimate authorities for protecting the enterprise from threats. Yet, business leaders make decisions every day, without consulting the CIO or CISO, that impact the organization’s security.” Paul Proctor, Research Vice President at Gartner
“It’s time for executives outside of IT to take responsibility for securing the enterprise,” said Paul Proctor. “The influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation- and mission-critical environments, should be a wake-up call that security is a business issue and not just another problem for IT to solve.”
Calling on CIOs and CISOs to rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders, Gartner recommended that IT and security leaders collaborate with executives and boards of directors to build governance that distributes responsibility for security-related business decisions.
According to recent research, 66% of CIOs intend to increase cybersecurity investments in the coming year. However, Gartner’s forecast says that overall growth in cybersecurity spend will slow through 2023.
“CIOs and CISOs must leverage their expertise to increase transparency around investment and risk, to drive shared accountability for security across the business,” said Proctor.
Gartner’s recent press release suggests, ‘As security budgets shrink, CIOs and CISOs will need to collaborate closely with executive leadership to reframe cybersecurity investment in a business context. For example, CISOs can offer a range of protection options to business leaders with the costs and risks of each choice clearly outlined.’