
Big business finally wakes up to cybersecurity threat

Firms belatedly discover ‘security must be managed as a business risk.’

By Jimmy Nicholls

Big business is improving its cybersecurity governance across the globe as firms become increasingly aware of digital business risk, a survey has revealed.

Companies are increasingly placing responsibility for cybersecurity outside of the IT department, with almost two-thirds of those surveyed saying their infosecurity schemes were sponsored by leaders in the main part of the business, up from 54% the year before.

A third also claimed that the most senior person responsible for infosecurity was from outside the IT department.

Tom Scholtz, vice president at Gartner, which ran the survey, said: "The primary reasons for establishing this reporting line outside of IT are to improve separation between execution and oversight, to increase the corporate profile of the information security function and to break the mind-set among employees and stakeholders that security is an IT problem.

"Organisations increasingly recognise that security must be managed as a business risk issue, and not just as an operational IT issue."

Despite the shift in interest outside of the IT department, long a contentious issue within cybersecurity, sponsorship of security schemes from the board or chief executive remained at a constant 30% year-on-year.

Business units affected by such programmes also showed little attentiveness, with respondents claiming that only 30% of departments were involved in formulating policy that would affect them.

"Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cybersecurity incidents, are making IT risk a board-level issue," Scholtz said.

"Seventy-one per cent of respondents indicated that IT risk management data influences decisions at a board level. This also reflects an increasing focus on dealing with IT risk as a part of corporate governance."

Differences between regions were slight when it came to security sponsorship from outside the IT department.

Whilst Asia-Pacific led the way with two-thirds claiming cybersecurity was supported by mainstream leadership, 63% said the same in Western Europe, and 57% said so in North America.

Slightly under 1,000 people were interviewed by Gartner for the survey, with respondents’ companies earning at least $50m (£32m) in total annual revenue for last year, and employing at least 100 staff.
