Big business finally wake up to cybersecurity threat

Big business is improving its cybersecurity governance across the globe as firms become increasingly aware of digital business risk, a survey has revealed.

Companies are increasingly placing responsibility for cybersecurity outside of the IT department, with almost two-thirds of those surveyed saying their infosecurity schemes were sponsored from leaders in the main part of the business, up from 54% the year before.

A third also claimed that the most senior person responsible for infosecurity was from outside the IT department.

Tom Scholtz, vice president at Gartner, which ran the survey, said: "The primary reasons for establishing this reporting line outside of IT are to improve separation between execution and oversight, to increase the corporate profile of the information security function and to break the mind-set among employees and stakeholders that security is an IT problem.

"Organisations increasingly recognise that security must be managed as a business risk issue, and not just as an operational IT issue."

Despite the shift in interest outside of the IT department, long a contentious issue within cybersecurity, sponsorship of security schemes from the board or chief executive remained at a constant 30% year-on-year.

Business units affected by such programmes also showed little attentiveness, with respondants claiming that only 30% of departments were involved in formulating policy that would affect them.

"Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cybersecurity incidents, are making IT risk a board-level issue," Scholtz said.

"Seventy-one per cent of respondents indicated that IT risk management data influences decisions at a board level. This also reflects an increasing focus on dealing with IT risk as a part of corporate governance."

Differences between different regions were slight when it came to security sponsorship from outside the IT department.

Whilst Asia-Pacific led to the way with two-thirds claiming cybersecurity was supported by mainstream leadership, 63% said the same in Western Europe, and 57% said so in North America.

Slightly under 1,000 people were interviewed by Gartner for the survey, with respondants’ companies earning at least $50m (£32m) in total annual revenue for last year, and employing at least 100 staff.