Gartner Research

CIOs Should Manage Technology Risk and Cybersecurity Through the Lens of Business Value

Published: 03 November 2016

ID: G00314523

Analyst(s): Paul Proctor

Summary

CIOs should address technology risk and cybersecurity challenges through the lens of business value to deliver appropriate levels of protection that support business outcomes. Treat cybersecurity like a business function.

Table Of Contents
  • Key Challenges

Introduction

  • Digital Business Changes Everything About Technology Risk and Cybersecurity
    • Leadership and Governance
    • The Evolving Threat Environment
    • Cybersecurity at the Speed of Digital Business
    • Cybersecurity at the New Edge
    • People and Process: Cultural Change

Analysis

  • Create Executive Awareness and Appetite to Manage and Accept Appropriate Levels of Risk That Support Business Outcomes
    • Introduce Your Non-IT Executives to the Notion That There Is No Such Thing as Perfect Protection
    • Identify Opportunities to Use People-Centric Security to Address Behavior Change
  • Build and Formalize a Risk-Based Approach and Program
    • Formalize and Measure a Risk and Security Program That Delivers Variable Levels of Protection
    • Formalize Risk Assessment Capabilities to Avoid a Paper-Pushing Exercise That Delivers No Value
    • Shift Security Investment to Detection and Response
  • Manage Cultural Change to Create a Risk-Engaged Culture
    • Develop a Risk-Engaged Culture to Socialize the Idea of Consciously Accepting Risk
  • Transform Technology Risk and Cybersecurity Into a Business Function

Case Study

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
