“IT and security leaders are often considered the ultimate authorities for protecting the enterprise from threats,” said Proctor. “Yet, business leaders make decisions every day, without consulting the CIO or CISO, that impact the organization’s security.”
CIOs and CISOs must rebalance accountability for cybersecurity so that it is shared with business and enterprise leaders. Gartner recommends that IT and security leaders work with executives and boards of directors (BoDs) to establish governance that shares responsibility for business decisions that affect enterprise security.
Reframe Cybersecurity Investments from a Business Lens
Recent research has found that 66% of CIOs intend to increase cybersecurity investments in the coming year. However, Gartner projections show that overall growth in cybersecurity spend will slow through 2023.
“After years of such heavy investment in security, Boards are now pushing back and asking what their dollars have achieved,” said Proctor.
As security budgets shrink, CIOs and CISOs will need to collaborate closely with executive leadership to reframe cybersecurity investment in a business context. For example, CISOs can offer a range of protection options to business leaders with the costs and risks of each choice clearly outlined.
“CIOs and CISOs must leverage their expertise to increase transparency around investment and risk, to drive shared accountability for security across the business,” said Proctor.
Notes for Editors:
*The 2022 Gartner Board of Directors Survey was conducted via an online survey from May through June 2021 among 273 respondents in the U.S., Europe and APAC who were in a board of director role or were a member of the corporate board of directors.
**The 2021 Gartner Global Security and Risk Management Governance Survey was conducted between April and May 2021 among 615 respondents across North America, EMEA, APAC and Latin America at organizations with at least 100 employees and $50 million in total annual revenue.
Gartner clients can learn more in “CIOs Need to Rebalance Accountability for Cybersecurity With Business Leaders” and in the complimentary Gartner webinar “Roadmap to Renewal: Insights from the 2022 Board of Directors Survey.”
About the Gartner Security & Risk Management Summit
Gartner analysts are providing the latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summits 2021, taking place virtually November 16-18 in the Americas and November 29-December 1 in EMEA. Follow news and updates from the conferences on Twitter using #GartnerSEC.
About the Gartner Information Technology Practice
The Gartner IT practice provides CIOs and IT leaders with the insights and tools to drive the organization through digital transformation to lead business growth. Additional information is available at www.gartner.com/en/information-technology. Follow news and updates from the Gartner IT practice on Twitter and LinkedIn.