Gartner Survey Finds 90% of Non-Executive Directors Lack a Measure of Confidence in Cybersecurity Value

Ninety percent of non-executive directors (NEDs) lack a measure of confidence in cybersecurity value, according to a new survey from Gartner, Inc., a business and technology insights company.

Only 10% of NEDs express strong confidence in the value of cybersecurity investments or initiatives, stating they have the right balance of protection and cost. Yet, NED’s skepticism in cybersecurity value is a resource for change. Sense-maker CIOs and CISOs, who form the cyber-elite and help their organizations understand and respond to complexity and change have managed to earn their boards’ trust on “just right” levels of protection and cost.

The 2026 Gartner Board of Directors Survey was conducted from April 14 – May 22, 2025 among 330 respondents from North America, Latin America, Europe and Asia/Pacific, who are in a non-executive director role of private or public companies.

“Boards often struggle to connect cybersecurity investments to real business outcomes,” said Kristin Moyer, Distinguished VP Analyst at Gartner. “Dashboards and compliance updates can confuse rather than reassure, leaving NEDs uncertain about whether their organization is truly more secure. Sense-maker CIOs and CISOs earn board consensus on right levels of protection and cost by translating the complexity of cybersecurity into business value such as revenue, cost and shareholder impact.”

Boards are seeking clear insights into how specific threats translate into real risks for their organizations. Sense-maker CIOs and CISOs provide transparency on actual exposure levels and readiness for threats, moving beyond general cyberthreat trends, to empower NEDs with the information needed for informed decisions.

Top External Threats Impacting Shareholder Value

While boards are seeking greater clarity on cyber risks, they also recognize that these risks are part of a broader set of external threats facing organizations today. Seventy percent of NEDs identified geopolitical instability and international conflict as the most significant external threats to shareholder value in the next 12 months. Notably, one in three NEDs viewed cyber-risks, technology disruption and innovation challenges as top external threats to shareholder value in the year ahead.

“Virtually all NEDs have experienced a cybersecurity breach either as executive leaders or during their tenure as board members,” said Tina Nunno, Managing VP at Gartner. “New security regulations have placed this topic front-and-center on board agendas. At the same time, AI is causing significant business disruption—and has gained considerable attention from boards.”

Technology Seen as Both a Risk and a Key to Navigating Volatility

Although technology is viewed by NEDs as an emerging risk area to shareholder value—including AI’s disruptive potential—it is also seen as an essential lever for navigating volatility ahead.

Sixty-three percent of NEDs said investment in technology and innovation is the best way to counter today’s global volatility (see Figure 1).

“The majority of NEDs not only believe that technology investment is a key strategy in dealing with volatility, but they also believe that the majority of those investments should be in AI,” said Nunno. “AI was ranked as the number one investment (57% of respondents) expected to have a positive impact on shareholder value in the next two years, ahead of investing in new products and services (56%) and M&A (45%). NEDs have taken notice of the vast sums of money being invested in AI startups and large language models (LLMs) and believe over time that at least some of these AI bets will pay off.

“The majority of boards (71%) would like to see their enterprises take more technology risk and are actively encouraging their CEOs and executive teams to demonstrate that they have an AI strategy and are moving quickly enough.”

Gartner clients can learn more in The Path to Cybersecurity’s Elite and Board Confidence, End the Board’s Cybersecurity Trust Deficit and Gartner Board of Directors Survey 2026: How CIOs Can Respond to Shareholder Technology Priorities.

Learn how to maximize AI’s value while managing critical risks with the complimentary ebook AI in Cybersecurity: Minimize Risks and Maximize Impact.