Role of cybersecurity leader must be 'reframed' - Gartner

Research director Sam Olyaei says the CISO role must evolve to ensure business leaders have the ‘capabilities and knowledge required to make informed decisions’

Role of cybersecurity leader must be 'reframed' - Gartner

Gartner believes the role of the cybersecurity leader must evolve given both the shift in accountability for cyber risk to outside of IT and because of the "increasingly distributed ecosystem", the analyst house has said.

According to the market research firm security and risk management (SRM) leaders are now investing "significantly more effort into evaluating and influencing the cyber health of external parties".

It also claims that employees are making "more decisions with cyber risk implications" and that executive committees are being "established outside the scope of the cybersecurity leader".

Gartner warns partners that this is likely to lead to an environment where cybersecurity leaders will have "less direct control over many of the decisions that would fall under their scope today".

"Cybersecurity leaders are burnt out, overworked and in ‘always-on' mode," said Sam Olyaei, research director at Gartner.

"This is a direct reflection of how elastic the role has become over the past decade due to the growing misalignment of expectations from stakeholders within their organisations.

"The CISO role must evolve from being the ‘de facto' accountable person for treating cyber risks, to being responsible for ensuring business leaders have the capabilities and knowledge required to make informed, high-quality information risk decisions."

Gartner predicts that at least 50 per cent of C-level executives will have performance requirements related to cybersecurity risk built into their employment contracts by 2026.

The researcher adds that this will impact the "timeliness and quality of information risk decisions" which are "increasingly being made by stakeholders outside of IT or security's line of sight".

"In response, Gartner expects to see an inevitable shift in formal accountability to business leaders who are responsible to the CEO for delivering strategic objectives, such as revenue and customer satisfaction," Gartner said.