A massive 90% of non-executive directors (NEDs) lack a measure of confidence in cybersecurity value, according to a new survey from Gartner.
Only 10% of NEDs express strong confidence in the value of cybersecurity investments or initiatives, stating they have the right balance of protection and cost.
Yet NED’s skepticism in cybersecurity value is a resource for change. Sense-maker CIOs and CISOs, who form the cyber-elite and help their organisations understand and respond to complexity and change have managed to earn their boards’ trust on “just right” levels of protection and cost.
The 2026 Gartner Board of Directors Survey was conducted from 14 April to 22 May 2025 among 330 respondents from North America, Latin America, Europe and Asia/Pacific, who are in a non-executive director role of private or public companies.
“Boards often struggle to connect cybersecurity investments to real business outcomes,” says Kristin Moyer, distinguished vice-president analyst at Gartner. “Dashboards and compliance updates can confuse rather than reassure, leaving NEDs uncertain about whether their organization is truly more secure.
“Sense-maker CIOs and CISOs earn board consensus on right levels of protection and cost by translating the complexity of cybersecurity into business value such as revenue, cost and shareholder impact.”
Boards are seeking clear insights into how specific threats translate into real risks for their organisations. Sense-maker CIOs and CISOs provide transparency on actual exposure levels and readiness for threats, moving beyond general cyberthreat trends, to empower NEDs with the information needed for informed decisions.
Top External Threats Impacting Shareholder Value
While boards are seeking greater clarity on cyber risks, they also recognize that these risks are part of a broader set of external threats facing organisations today.
Seventy percent of NEDs identified geopolitical instability and international conflict as the most significant external threats to shareholder value in the next 12 months.
Notably, one in three NEDs viewed cyber-risks, technology disruption and innovation challenges as top external threats to shareholder value in the year ahead.
“Virtually all NEDs have experienced a cybersecurity breach either as executive leaders or during their tenure as board members,” says Tina Nunno, managing vice-president at Gartner. “New security regulations have placed this topic front-and-center on board agendas. At the same time, AI is causing significant business disruption – and has gained considerable attention from boards.”
Technology Seen as Both a Risk and a Key to Navigating Volatility
Although technology is viewed by NEDs as an emerging risk area to shareholder value – including AI’s disruptive potential – it is also seen as an essential lever for navigating volatility ahead.
Sixty-three percent of NEDs said investment in technology and innovation is the best way to counter today’s global volatility.
“The majority of NEDs not only believe that technology investment is a key strategy in dealing with volatility, but they also believe that the majority of those investments should be in AI,” says Nunno.
“AI was ranked as the number one investment (57% of respondents) expected to have a positive impact on shareholder value in the next two years, ahead of investing in new products and services (56%) and M&A (45%).
“NEDs have taken notice of the vast sums of money being invested in AI startups and large language models (LLMs) and believe over time that at least some of these AI bets will pay off.
“The majority of boards (71%) would like to see their enterprises take more technology risk and are actively encouraging their CEOs and executive teams to demonstrate that they have an AI strategy and are moving quickly enough.”