Leaders agree that cybersecurity is a business risk, but are they acting on that belief?

Image: William_Potter, Getty Images/iStockphoto

A Gartner survey of the members of assorted boards of directors finds that, portion 88% judge that cybersecurity should beryllium classified arsenic a concern hazard alternatively of a exertion one, the actions they've taken don't needfully bespeak that.

Organizations that classify cybersecurity arsenic a concern hazard would people person a senior-level non-IT idiosyncratic accountable for it, but lone 10% of leaders reported that to beryllium the lawsuit successful their organizations. 

SEE: Password breach: Why popular civilization and passwords don't premix (free PDF) (TechRepublic)

Additionally, the study besides recovered that cybersecurity spending is increasing, but the complaint astatine which it is doing truthful has slowed, further revealing shifting perspectives connected cybersecurity: It's nary longer a spread to propulsion wealth into, but a concern business that should supply a return. "After years of specified dense concern successful security, boards are present pushing backmost and asking what their dollars person achieved," said Gartner distinguished probe VP Paul Proctor.  Despite this, lone 12% of respondents said that their boards had a dedicated cybersecurity committee.

Why the disconnect?

Acknowledging the occupation is simply a bully archetypal step, and the supra statistic bespeak that boards are starting to look up to the issue, but that isn't each they person to do. "It's clip for executives extracurricular of IT to instrumentality work for securing the enterprise," Proctor said.

That means the 90% of businesses without a non-IT elder person accountable for cybersecurity request to find one, and the 88% that don't person a board-level cybersecurity committee request to commencement one. 

"For years, boards person treated information similar magic and information radical similar wizards. They springiness the wizards wealth to formed exertion spells, and if thing goes incorrect they blasted the wizards. This has led to immoderate precise atrocious decisions," Proctor said. 

Jokes aside, Proctor said that the statistic from the survey correspond a substance of intentions and world checks for committee members, galore who person taken the occupation earnestly for years but with small tendency to cognize what's really happening successful the occult depths of their server rooms. 

SEE: Google Chrome: Security and UI tips you request to know  (TechRepublic Premium)

"Boards are yet acceptable to halt treating information similar magic, but it volition instrumentality years to fig retired however to really bash that. The concealed is to put successful it done a concern lens and to equilibrium the needs to support with the needs to tally their business," Proctor said. 

Gartner recommends that IT and information leaders enactment straight with boards of directors to found due governance rules that stock work for immoderate concern determination that could perchance person an effect connected endeavor security. 

If done correctly, Gartner notes, information leaders could adjacent negociate to forestall fund cuts thtn are mostly an contented of transparency. "CIOs and CISOs indispensable leverage their expertise to summation transparency astir concern and risk, to thrust shared accountability for information crossed the business," said Proctor.

Also spot

• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• NIST Cybersecurity Framework: A cheat expanse for professionals (free PDF) (TechRepublic)
• What are mobile VPN apps and wherefore you should beryllium utilizing them (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)