Gartner has warned that cybersecurity leaders are burnt out, overworked and in ‘always-on’ mode, and that the role is evolving as accountability for cyber risk moves outside of IT and because of the “increasingly distributed ecosystem”.
According to the market research firm, security and risk management (SRM) leaders are investing “significantly more effort into evaluating and influencing the cyber health of external parties”.
It claims that employees are making “more decisions with cyber risk implications” and that executive committees are being “established outside the scope of the cybersecurity leader”.
Gartner warns partners that this is likely to lead to an environment where cybersecurity leaders will have “less direct control over many of the decisions that would fall under their scope today.”
Gartner research director Sam Olyaei said: “Cybersecurity leaders are burnt out, overworked and in ‘always-on’ mode. This is a direct reflection of how elastic the role has become over the past decade due to the growing misalignment of expectations from stakeholders within their organisations.
“The CISO role must evolve from being the ‘de facto’ accountable person for treating cyber risks to being responsible for ensuring business leaders have the capabilities and knowledge required to make informed, high-quality information risk decisions.”
Gartner predicts that at least half of C-level executives will have performance requirements related to cybersecurity risk built into their employment contracts by 2026.
The researcher adds that this will impact the “timeliness and quality of information risk decisions” which are “increasingly being made by stakeholders outside of IT or security’s line of sight”.
“In response, Gartner expects to see an inevitable shift in formal accountability to business leaders who are responsible to the CEO for delivering strategic objectives, such as revenue and customer satisfaction”, Gartner said.