88% of Boards of Directors view cybersecurity as a business risk
Techsense team I 3:59 pm, 19th November
88% of Boards of Directors (BoDs) view cybersecurity as a business risk, as opposed to a technology risk, according to a new survey from Gartner. However, only 12% of BoDs have a dedicated board-level cybersecurity committee.
"It’s time for executives outside of IT to take responsibility for securing the enterprise", said Paul Proctor, distinguished research vice president at Gartner. "The influx of ransomware and supply chain attacks seen throughout 2021, many of which targeted operation and mission-critical environments, should be a wake-up call that security is a business issue, and not just another problem for IT to solve", he added.
CIOs and CISOs must rebalance cybersecurity accountability
Even as business leaders are aware of the need to secure the enterprise against new and evolving threats, responsibility for security mostly lies with IT leadership. A recent Gartner survey found that in 85% of organisations, the CIO, CISO or their equivalent was the top person held accountable for cybersecurity. Just 10% of organisations held non-IT senior managers accountable (see Figure 1).
"IT and security leaders are often considered the ultimate authorities for protecting the company from threats", said Paul Proctor. "Yet, business leaders make decisions every day, without consulting the CIO or CISO, that impact the organisation’s security".
CIOs and CISOs must rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders. Gartner recommends that IT and security leaders work with executives and BoDs to establish governance that shares responsibility for business decisions that affect enterprise security.
Reframe cybersecurity investments from a business lens
Recent research has found that 66% of CIOs intend to increase cybersecurity investments in the coming year. However, Gartner projections show that overall growth in cybersecurity spend will slow through 2023.
"After years of such heavy investment in security, Boards are now pushing back and asking what their dollars have achieved", said Gartner analyst.
As security budgets shrink, CIOs and CISOs will need to collaborate closely with executive leadership to reframe cybersecurity investment in a business context. For example, CISOs can offer a range of protection options to business leaders with the costs and risks of each choice clearly outlined.
According to Paul Proctor, "CIOs and CISOs must leverage their expertise to increase transparency around investment and risk, to drive shared accountability for security across the business".
Subscribe to our Newsletters
Stay up to date with our latest news
more news
"Small is Beautiful": Post Cyberforce, Wins GSMA Telecommunication-ISAC Award
by Kamel Amroune I 7:32 am, 28th February
Embodying the principle that "Small is Beautiful," Post Cyberforce, under the exemplary leadership of Mohamed Ourdane, and Alexandre De Oliveira for his investment in GSMA T-ISAC have been honored with the prestigious GSMA Telecommunication-ISAC awards.
Interview de Paul Jung : Ivanti et les défis de la cybersécurité
by Excellium Services I 8:52 pm, 12th February
Ivanti, un fournisseur américain de logiciels, a été confronté à une série de vulnérabilités majeures affectant ses appliances de VPN professionnel, notamment Ivanti Connect Secure. Ces failles ont été exploitées dans une attaque de grande envergure touchant des milliers de clients répartis dans des secteurs critiques tels que l'aérospatial, la finance, la défense et les télécommunications à l'échelle mondiale. Les entreprises françaises ainsi que des firmes du Fortune 500 figurent parmi les victimes de cette cyberattaque. Bien qu'Ivanti n'ait pas été directement piraté, les experts en cybersécurité, notamment ceux de la firme Volexity, ont identifié des compromissions potentielles de données affectant au moins 1 700 entreprises.Dans cette interview, nous avons eu l'occasion de discuter avec Paul Jung, Responsable des Opérations CSIRT, chez Excellium Services, pour évaluer l'impact de ces vulnérabilités et discuter des mesures à prendre pour renforcer la sécurité des entreprises touchées.
load more