Boards will increasingly establish a dedicated cyber security committee, says Gartner

By 2025, 40 percent of boards of directors will have a dedicated cyber security committee overseen by a qualified board member, up from less than 10 percent today, according to Gartner, Inc. This is one of several organizational changes Gartner expects to see at the board, management and security team level in response to greater risk created by the expanded digital footprint of organizations during the pandemic.

According to the Gartner 2020 Board of Directors Survey, cyber security-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk. However, relatively few directors feel confident that their company is properly secured against a cyber attack.

“To ensure that cyber risk receives the attention it deserves, many boards of directors are forming dedicated committees that allow for discussion of cyber security matters in a confidential environment, led by someone deemed suitably qualified,” said Sam Olyaei, research director at Gartner. “This change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO).”

While CISOs should experience more scrutiny as a result, they are also likely to receive more support and resources, according to Gartner. CISOs must expect executive conversations to shift away from performance and health-related discussions to risk-oriented and value-driven exercises.

Gartner clients can read more in the report Predicts 2021: Cybersecurity Program Management and IT Risk Management.
