KUALA LUMPUR (Nov 22): A majority (88%) of company officials have classified cybersecurity as a business risk, while just 12% called it a technology risk.

Technology research and consulting firm Gartner Inc in its 2022 Gartner Board of Directors Survey, however, said that the chief information officers, the chief information security officers or their equivalent were held accountable for cybersecurity at 85% of organisations.

It said organisations had become far more vulnerable to cyberthreats because digital information and technology are now so heavily integrated into day-to-day work.

But Gartner said the attacks themselves, which target both information and critical infrastructure, are also becoming far more sophisticated.

It said cyber-risk incidents can have operational, financial, reputational and strategic consequences for an organisation, all of which come at significant costs.

This has made existing measures less effective, and it means that most organisations need to up their cybersecurity game.

Gartner said that historically, firms had been extremely risk-averse and conservative in their decision-making.

It said that for information technology (IT) executives, this change requires being prepared to provide the board with data, analytics, predictive analytics and pattern recognition, so that it can make more informed decisions.

The goal is no longer to avoid risk, but rather to separate good risk from bad, it said.

The poll showed that continued and growing long-term economic uncertainty continued to be the top risk to business performance, followed by disruptive business models from competitors and cost inflation due to supply shortages.

The most significant risk is the permanent change in behaviour of customers, which worries boards in terms of what has shifted during the Covid-19 pandemic and whether that would continue post-pandemic.

If customer sentiments permanently shift, organisations must change with them or lose market share.

Gartner said that in 2016, it began seeing a major change in attitudes around cybersecurity as leaders started to recognise the significant impact a cybersecurity incident could have on an organisation.

It said in the past five years, the percentage of boards that considered cybersecurity a business risk had risen from 58% to 88%.

Gartner said this was true for 40% of boards, which saw the dollars shift out of a centralised technology IT budget.

It said that traditionally, IT owned this budget, but now it plays a role of facilitator, mentor and orchestrator to help functions deliver on outcomes and leverage technology budgets.