'It's time for executives outside of IT to take responsibility for securing the enterprise' - Gartner
The analyst urged CIOs and CISOs to rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders
The majority of boards of directors (BoDs) view cybersecurity as a business issue and not just a technology problem, according to a new survey from Gartner.
However, results also showed only 12 per cent of BoDs have a dedicated board-level cybersecurity committee.
The 2022 Gartner Board of Directors Survey was conducted online from May through June 2021 among 273 respondents in the US, Europe and APAC who were in a board of director role or were members of a corporate board of directors.
"It's time for executives outside of IT to take responsibility for securing the enterprise," said Gartner research VP, Paul Proctor.
"The influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation- and mission-critical environments, should be a wake-up call that security is a business issue, and not just another problem for IT to solve."
CIOs and CISOs must rebalance cybersecurity accountability
The research firm added that, even as business leaders are aware of the need to secure the enterprise against new and evolving threats, responsibility for security mostly lies with IT leadership.
The 2021 Gartner Global Security and Risk Management Governance Survey, conducted among 615 respondents across North America, EMEA, APAC and Latin America, found that in 85 per cent of organisations the CIO, CISO or their equivalent was the top person held accountable for cybersecurity.
Moreover, the data showed that just ten per cent of organisations held non-IT senior managers accountable.
"IT and security leaders are often considered the ultimate authorities for protecting the enterprise from threats," Proctor added. "Yet, business leaders make decisions every day, without consulting the CIO or CISO, that impact the organisation's security."
Gartner recommends that CIOs and CISOs rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders, adding that IT and security leaders should work with executives and BoDs to establish governance that shares responsibility for business decisions that affect enterprise security.