Gartner has said 80 per cent of security risk managers will report directly to the chief executive officer within two years.

esearch vice president Andrew Walls told said security and risk managers who adapt to change would enable a business to survive.
"By 2014, 80 percent of risk leaders will need to report on risk compliance and security postures to the board of directors, not just the CEO," Walls said.
"In order to stay relevant, security and risk leaders need to develop new abilities in the face of a drive in change."
![]() |
Gartner also launched its 'Nexus of forces' that combined social, mobile, cloud and information which Walls said "redefines forces and changes our role as risk and security leaders".
“Security and risk managers face an exciting future – users and enterprises are racing ahead to mandate changes for success. To meet these challenges we need to redefine roles and deliver appropriate levels of security anywhere at any time. We must be there first to protect, detect and remediate and drive better business performance in the face of uncertainty.”
Gartner research vice president Paul Proctor who likened the reactive nature of security to the addition of safety features to cars, saying that it was a "requirement in response to government regulation".
“Information security and risk management have a history of being reactive, we quarantine, block or 'just say no', so how can you say that is in-line with the business? The Nexus changes the role of security and risk management, it has to be integrated and promote desired business outcomes. You cannot align with the business; you need to be the business
“Risk management is the explicit recognition that you cannot protect yourself against everything. Make decisions about what [you are] going to do to protect yourself and what you are not going to do.”