The majority of managers believe that IT risk management data genuinely influences board decisions, according to Gartner.

The increasing focus on IT risk was revealed in Gartner’s annual end-user survey for privacy and information security, which found that 71% of managers believed IT risk management data had an impact at board level.

Almost 40% of survey respondents said that the most senior person responsible for information security reports outside of the IT organization.

“The primary reasons for establishing this reporting line outside of IT are to improve separation between execution and oversight, to increase the corporate profile of the information security function and to break the mindset among employees and stakeholders that security is an IT problem,” said Tom Scholtz, vice president and Gartner Fellow told told hotforsecurity.com.

The overall trend seems to indicate that increasingly senior levels are supporting security programmes, with 63% of respondents telling Gartner that they receive sponssorship from outside the IT team, up considerably from 54% in 2014.

“Organizations increasingly recognize that security must be managed as a business risk issue, and not just as an operational IT issue. There is an increasing understanding that cybersecurity challenges go beyond the traditional realm of IT into areas such as operational technology (OT) and Internet of Things security,” Scholtz continued.

“Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cybersecurity incidents, are making IT risk a board-level issue.”

Gartner surveyed 964 respondents in large organizations — with at least $50 million equivalent in total annual revenue for fiscal year 2014, and with a minimum of 100 employees — in seven countries between February and April 2015.