Gartner predicts that 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member by 2025, up from less than 10% today.
This is one of several organisational changes the advisory firm expects to see at the board, management and security team level, in response to the greater risk created by the expanded digital footprint of organisations during the pandemic.
Cybersecurity-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk, according to the Gartner 2020 Board of Directors Survey.
However, relatively few directors feel confident that their company is properly secured against a cyberattack, the firm pointed out.
The 2021 Gartner Board of Directors Survey was conducted online from May through June 2020 with 265 respondents in the US, EMEA and Asia Pacific who hold a board director role or are members of a corporate board of directors, the firm said.
Critical partnership between security, finance, sales, and marketing
To ensure that cyber risk receives the attention it deserves, many boards of directors are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified, said Sam Olyaei, research director at Gartner.
“This change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO),” Olyaei added.
Gartner also predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance and marketing, up from less than 20% today.
Cyber, physical and supply chain security converge
For asset-intensive enterprises such as utilities, manufacturers and transportation networks, security threats targeting cyber-physical systems present an increasing risk to the organisation, Gartner noted.
Bad actors increasingly target weaknesses wherever they are, as demonstrated by the surge in ransomware affecting organisations’ operational systems and recent supply chain attacks, the firm observed.
The siloed nature of today’s security disciplines then becomes its own risk and a liability to the organisation, and the IT-centric focus of most security teams needs to expand to include threats in the physical world, Gartner advised.
Gartner predicts that by 2025, 50% of asset-intensive organisations will converge their cyber, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.