
40% of boards will have dedicated cybersecurity committees by 2025 — Gartner

30 Jan 2021

There will be a surge in dedicated cybersecurity committees in organisations across the world in the next few years, according to new data released today from Gartner.

According to the analyst firm, 40% of boards of directors will feature such a committee, overseen by a qualified board member, by 2025. This is up from less than 10% today.

It is one of many steps organisations are expected to take in response to the greater risk created by their expanded digital footprint during the pandemic.

This risk is now so widely acknowledged that several boards of directors rate cybersecurity-related risk as the second-highest source of risk for the enterprise (behind regulatory compliance risk).

Despite this, many executives surveyed by Gartner are not confident that their organisations are adequately secured against cyber-attacks.

“To ensure that cyber risk receives the attention it deserves, many boards of directors are forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment, led by someone deemed suitably qualified,” says Gartner research director Sam Olyaei.

“This change in governance and oversight is likely to impact the relationship between the board and the CISO.”

CISOs will also have more significant roles within the context of the wider company, and will be expected to establish critical partnerships with executives in sales, finance and marketing. Gartner predicts 60% of CISOs will take on this extra responsibility — up from less than 20% today.

“Effective CISOs realise that heads of sales, marketing and business unit leaders are now key partners as the use of technology and, subsequently, the incurrence of risk happens outside of IT,” says Olyaei.

Cyber, physical and supply chain security converge

For asset-intensive enterprises such as utilities, manufacturers and transportation networks, security threats targeting cyber-physical systems present an increased risk to the organisation, Gartner says.

Bad actors increasingly target weaknesses wherever they are, as demonstrated by the surge in ransomware affecting organisations’ operational systems and recent supply chain attacks.

The siloed nature of today’s security disciplines then becomes its own risk and a liability to the organisation, and the IT-centric focus of most security teams needs to expand to include threats in the physical world.

Gartner predicts that by 2025, 50% of asset-intensive organisations will converge their cyber, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.

Remote work can improve access to IT security talent

Gartner research conducted pre-COVID-19 found that 61% of organisations surveyed struggled to find and hire security professionals.

“As organisations shifted to remote working in response to the pandemic, it proved that some, if not all, security capabilities could be delivered remotely,” says Gartner senior research director Richard Addiscott.

This includes security monitoring/operations, policy development, security governance and reporting, security awareness, and incident response via dispersed teams. 

“Cybersecurity teams can work remotely and still provide effective capabilities.”
