Cyber risk set to become a global societal issue

Stamford, CT (USA)

Eighty-eight percent of boards regard cyber security as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. Thirteen percent have responded by instituting cyber security-specific board committees overseen by a dedicated director.

Gartner predicts that at least 50% of C-level executives will have performance requirements related to cyber security risk built into their employment contracts by 2026.

This impacts the timeliness and quality of information risk decisions, which are increasingly being made by stakeholders outside of IT or security’s line of sight. In response, Gartner expects to see an inevitable shift in formal accountability to business leaders who are responsible to the CEO for delivering strategic objectives, such as revenue and customer satisfaction.

As formal accountability for cyber risk shifts to the business, Gartner analysts said the role of the cyber security leader must be reframed to succeed.

“The CISO role must evolve from being the ‘de facto’ accountable person for treating cyber risks, to being responsible for ensuring business leaders have the capabilities and knowledge required to make informed, high-quality information risk decisions,” said Olyaei.

Cyber security will be included in ESG disclosures

Investor interest, public pressure, employee demands, and government regulations are strengthening the incentives for organisations to track and report cyber security goals and metrics within their environmental, social and governance (ESG) efforts as a business requirement.

As a result, Gartner predicts that 30% of large organisations will have publicly shared ESG goals focused on cyber security by 2026, up from less than 2% in 2021.

“Expectations that organisations should be more transparent about their security risks have increased, resulting in public demand for greater transparency within their ESG reporting,” said Claude Mandy, research director at Gartner. “Cyber security is no longer solely a risk to the organisation, but a societal risk.”

SRM leaders will increasingly have to demonstrate an organisational commitment to reducing the social issues that may arise from cyber security incidents, such as data breaches of customer personal information; potential safety concerns from use of cyber-physical systems; potential for misuse and abuse within their products; and malicious cyber activity against critical infrastructure.

