My TechDecisions

Compliance, IT Infrastructure, News

Cyber Risk Accountability Is Shifting Outside Of IT

C-level executives will have more accountability when it comes to cybersecurity risk and tracking metrics, Gartner says.

Leave a Comment

Cybersecurity, Endpoint management security, Syxsense
sarayut_sy/stock.adobe.com

Accountability for cybersecurity risk is shifting outside of IT, and the role of the cybersecurity leader needs to evolve, Gartner says in a new report.

According to Gartner, security and risk managers are investing more effort into evaluating and influencing the cyberhealth of external parties, employees are making more decisions with cyber risk implications and executive-level committees are being established outside the scope of the cybersecurity leader.

The firm’s analysts say those factors will lead to an environment where cybersecurity leaders will have less direct control over many decisions that would normally fall under their scope today.

Due to the growing misalignment of expectations from stakeholders, cybersecurity leaders are becoming burnt out and overworked, says Sam Olyaei, research director at Gartner, in a statement.

“The CISO role must evolve from being the ‘de facto’ accountable person for treating cyber risks, to being responsible for ensuring business leaders have the capabilities and knowledge required to make informed, high-quality information risk decisions,” said Olyaei.

According to Gartner, 80% of boards review cybersecurity as a business risk rather than just an IT issue, and 13% of organizations now have a cybersecurity-specific board overseen by a dedicated director.

Now, at least 50% of C-level executives will have performance requirements related to cybersecurity risk by 2026, which impacts the timeliness and quality of information risk decisions, which are being made outside of IT’s line of sight.

As a result, Gartner expects to see a shift in accountability to business leaders who are responsible to the CEO, the firm says.

With pressure from investors, the public, employees and regulations strengthening incentives for tracking cybersecurity metrics within environmental, social and governance (ESG) efforts, Gartner predicts that 30% of large organizations will share ESG goals focused on cybersecurity by 2026, up from less than 2% last year.

“Expectations that organizations should be more transparent about their security risks have increased, resulting in public demand for greater transparency within their ESG reporting,” said Claude Mandy, research director at Gartner. “Cybersecurity is no longer solely a risk to the organization, but a societal risk.”

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ