Nov 2, 2021

Boards elevate cybersecurity to a business risk

Enterprises are shifting away from considering security solely a technology risk, though the main focus on the board still centers on economic uncertainty, Gartner research shows.
More boards of directors are willing to take risks in the name of long-term growth, a shift from an era when companies could afford to make conservative decisions or investments. As members recalibrate risk tolerance, cybersecurity is part of their assessment.
Boards “recognize that [remaining conservative] in this period of uncertainty is a mistake and hence they’re willing to kind of change the mindset to say that even in the face of incomplete information, we are comfortable [making] decisions,” said Partha Iyengar, distinguished research vice president at Gartner. 
Almost three in five boards have increased or expect to increase their risk appetite heading into next year, according to research released Thursday at the virtual Gartner IT Symposium/Xpo. The results are based on a survey of 273 members of the board or board directors. 
Boards are shifting focus beyond survival, looking for ways to foster future growth that is faster than pre-pandemic levels, Iyengar said, in an interview ahead of Symposium. 
For 38% of boards of directors, economic uncertainty is the biggest source of risk, according to Gartner data. But more companies are looking at cybersecurity as a business risk, independent from technology. 
Nine in 10 board members consider cybersecurity a business risk, a 35 percentage point increase over views expressed in 2016, Iyengar said. 
While cybersecurity is gaining board-level attention, it has not directly influenced board construction. 
In the U.S., cybersecurity issues are still handled under the risk and audit subcommittee. Only one-quarter of U.S. boards have a technology and digital subcommittee, compared to Asia-Pacific, where they’re found in more than three-quarters of boards, Iyengar said. 
“All of the issues that otherwise would have been handled by the board-level committee, in the U.S. context, is actually pushed deep into the risk and audit committee,” he said.
What this means is that the function of the risk and audit committee changes, where they don’t just look at the breaches of cybersecurity as a technology issue, but look at what it means for the business, assessing changes to investments and governance structure, according to Iyengar.
“Especially in the U.S., with some industries where the boards have been held personally liable for cybersecurity breaches, I think it’s acquired an even more sense of urgency,” Iyengar said.
For the majority of boards, digital technology initiatives are the main priority, particularly around efforts to adopt, upgrade and integrate technologies, Gartner research shows. Boards of directors are also prioritizing cybersecurity, automation and AI/ML and digital transformation. 
While CFOs are becoming more comfortable with risk, executive leaders are focused on driving digital business issues amid an internal and external talent crunch. 
Pre-pandemic, the biggest challenges for businesses were enterprise culture, access to capital and access to skills. Now, organizations are trying to accelerate digital transformation plans, Iyengar said. “You’re taking a five year window and compressing it into 18 months — the crisis around talent and workforce has not just gone up linearly, it’s gone up by orders of magnitude.”
Boards are aware of the workforce concerns and the impact they can have on business growth and development. Workforce efforts around retention, training and hiring are the No. 2 priority going into next year, according to Gartner. 