This year, cybersecurity will be the second most significant risk to enterprise, behind failure to comply with rules and regulations, according to a new report from analyst firm Gartner.
The Gartner 2020 Board of Directors survey reveals that most chief information security officers (CISOs) are not confident in the state of cybersecurity at their organization. While that itself signals trouble, the good news is that they are also more likely to get additional support and resources from the board moving forward.
By 2025, it's predicted that 40% of boards of directors will have a dedicated cybersecurity committee, overseen by a qualified board member. Considering that only 10 percent of boards currently have such an arrangement, this will represent a 300 percent surge in four years.
It was also stated that CISOs should expect executives to shift their attention from performance and health-related issues, to risk-oriented and value-driven exercise.
For asset-intensive enterprises, cyber-risks are transforming into cyber-physical risks, Gartner says. The firm claims that cybercriminals target weaknesses wherever they are found, whether in an operational system or a supply chain.
This, together with the fact that modern cybersecurity efforts are mostly siloed, will force organizations to converge their cyber, physical and supply chain security teams under one chief security officer role.
“To ensure that cyber risk receives the attention it deserves, many boards of directors are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified,” said Sam Olyaei, Research Director at Gartner.
“This change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO).”