Gartner: Surge in company cybersecurity committees predicted
By 2025, around 40% of boards of directors will have a dedicated cybersecurity committee, up from 10% today, according to the latest research by Gartner.
This is one of several steps Gartner expects to see organisations take in response to greater risks created by the expanded digital footprint of organisations during the pandemic. According to Gartner research in 2020, 69% of boards of directors accelerated their digital business initiatives in the wake of pandemic disruption.
Cyber-attacks: a real and increasing risk
This increased reliance on digital will mean cyber incidents become more of a risk. According to Gartner’s 2020 Board of Directors Survey, cybersecurity-related risk is the second-highest source of risk for organisations, after regulatory compliance risk.
Despite the surge, however, very few company directors feel confident that their organisation is properly secured against a cyberattack.
To ensure cyber risk is adequately addressed, many boards of directors are “forming dedicated committees that allow for discussion of cybersecurity matters in a confidential environment led by someone deemed suitably qualified,” says Sam Olyaei, research director at Gartner.
Changing role of chief information security officers
This change in governance and oversight is likely to see the Chief Information Security Officer (CISO) undergo more scrutiny, but also receive more support and resources, with executive conversations shifting from performance and health to risk-oriented and value-driven exercises.
Gartner further predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance and marketing, up from less than 20% today.
Cyber, physical and supply chain security converge
When it comes to asset-intensive organisations like utilities, manufacturers and transportation networks, cyber-physical security incidents will be a growing risk, predicts Gartner, with the financial impact of cyber-physical systems’ attacks resulting in fatal casualties reaching over US$50 billion by 2023.
As a result, Gartner asserts that by 2025, half of asset-intensive organisations will converge their cyber, physical and supply chain security teams under one chief security officer role that directly reports to the CEO.