However, only 12 percent of BoDs have a dedicated board-level cybersecurity committee.
Even as business leaders are aware of the need to secure the enterprise against new and evolving threats, responsibility for security mostly lies with IT leadership. A recent Gartner survey found that in 85 percent of organizations, the CIO, CISO or their equivalent was the top person held accountable for cybersecurity. Just 10 percent of organizations held non-IT senior managers accountable.
CIOs and CISOs must rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders. Gartner recommends that IT and security leaders work with executives and BoDs to establish governance that shares responsibility for business decisions that affect enterprise security.
Recent research has found that 66 percent of CIOs intend to increase cybersecurity investments in the coming year. However, Gartner projections show that overall growth in cybersecurity spend will slow through 2023. As security budgets shrink, CIOs and CISOs will need to collaborate closely with executive leadership to reframe cybersecurity investment in a business context. For example, CISOs can offer a range of protection options to business leaders with the costs and risks of each choice clearly outlined.