Cybersecurity Confidence Crisis: Are Boards Missing the Big Picture?
A startling 90% of non-executive directors (NEDs) are not fully confident in the value of cybersecurity investments, according to a Gartner survey. This lack of trust is a significant concern, especially when 9 out of 10 board members should be the driving force behind strategic decisions.
But here's the twist: this skepticism might just be the catalyst for positive change. The survey reveals that only 10% of NEDs strongly believe in the value of cybersecurity initiatives, citing an ideal balance of protection and cost. However, the remaining 90% present an opportunity for improvement and education.
The 2026 Gartner Board of Directors Survey, conducted across North America, Latin America, Europe, and Asia/Pacific, gathered insights from 330 NEDs. Gartner's Kristin Moyer highlights the challenge: 'Boards find it challenging to link cybersecurity spending to tangible business outcomes.' This disconnect can leave NEDs unsure about the actual security improvements, as dashboards and compliance reports may sometimes create more confusion than clarity.
The Cyber-Elite's Approach:
Enter the 'sense-maker' CIOs and CISOs, who bridge the complexity gap. These leaders help organizations navigate the intricate world of cybersecurity, earning the board's trust by translating technical details into business value. By connecting cybersecurity to revenue, costs, and shareholder impact, they achieve the 'just right' level of protection and expenditure.
Beyond Cyber Threats:
Boards are not just concerned about cyber risks. They recognize that these risks are part of a larger landscape of external threats. Interestingly, 70% of NEDs identified geopolitical instability and international conflicts as the top external threats to shareholder value in the next year. Additionally, one-third of NEDs consider cyber-risks, technology disruptions, and innovation challenges as significant external threats.
Gartner's Tina Nunno points out that NEDs are well-acquainted with cybersecurity breaches, and new regulations have brought this issue to the forefront. At the same time, AI is both a disruptor and a potential solution, attracting significant board attention.
Technology: A Double-Edged Sword?
NEDs view technology as a growing risk to shareholder value, particularly with AI's disruptive capabilities. Yet, 63% of them believe that investing in technology and innovation is the best strategy to tackle global volatility. This belief is further emphasized by Gartner's findings, where AI is ranked as the top investment expected to positively impact shareholder value in the next two years.
Controversial Perspective:
The survey also reveals a bold stance from boards, with 71% encouraging more technology risk-taking. This approach might be seen as controversial, as it could potentially expose organizations to unforeseen challenges. Are boards being overly optimistic about technology's problem-solving abilities? Or is this a necessary step towards future-proofing businesses?
Gartner offers additional resources for clients to explore, including strategies for building board confidence in cybersecurity and insights into shareholder technology priorities. Moreover, an ebook on maximizing AI's value in cybersecurity provides a comprehensive guide to managing risks and optimizing impact.
The Bottom Line:
While the survey highlights a confidence gap, it also presents an opportunity to educate and engage NEDs in the critical role of cybersecurity. As technology continues to evolve, finding the right balance between protection and innovation will be key. What do you think? Is the board's confidence in cybersecurity a fair assessment, or is there more to the story? Share your thoughts and let's spark a conversation!
