Boards will increasingly establish a dedicated cyber security committee says Gartner

Published: Tuesday, 02 February 2021 08:31

By 2025, 40 percent of boards of directors will have a dedicated cyber security committee overseen by a qualified board member, up from less than 10 percent today, according to Gartner, Inc. This is one of several organizational changes Gartner expects to see at the board, management and security team level in response to greater risk created by the expanded digital footprint of organizations during the pandemic.

According to the Gartner 2020 Board of Directors Survey, cyber security-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk. However, relatively few directors feel confident that their company is properly secured against a cyber attack.

“To ensure that cyber risk receives the attention it deserves, many boards of directors are forming dedicated committees that allow for discussion of cyber security matters in a confidential environment, led by someone deemed suitably qualified,” said Sam Olyaei, research director at Gartner. “This change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO).”

While CISOs are likely to face more scrutiny as a result, they are also likely to receive more support and resources, according to Gartner. CISOs should expect executive conversations to shift away from performance and health-related discussions toward risk-oriented and value-driven exercises.

Gartner clients can read more in the report Predicts 2021: Cybersecurity Program Management and IT Risk Management.