A vast majority of Non-Executive Directors (NEDs) remain unconvinced that their organizations are getting adequate value from cybersecurity investments, according to new global research from Gartner. The study, released recently, found that only 10% of NEDs express strong confidence that their companies have struck the right balance between cyber protection and cost.
The findings come at a time when enterprises worldwide are under intense pressure to demonstrate oversight of cybersecurity, driven by regulatory mandates, rising geopolitical tensions and the rapid adoption of artificial intelligence across enterprise systems.
Gartner’s 2026 Board of Directors Survey polled 330 NEDs across North America, Europe, Latin America and Asia Pacific. The results indicate that despite years of increased cyber spending, boards still struggle to connect those investments to tangible business outcomes. Instead of reassurance, many dashboards, risk charts and compliance updates tend to obscure core exposure levels and contribute to skepticism at the board level.
“Boards often struggle to connect cybersecurity investments to real business outcomes,” said Kristin Moyer, Distinguished VP Analyst at Gartner. “NEDs remain unsure whether their organization is genuinely more secure, because cyber functions often present complexity rather than clarity.”
Why Skepticism May Be a Catalyst for Change
Gartner argues that NED skepticism can be a productive force—if CIOs and CISOs evolve into what the firm calls “sense-makers.” This cyber-elite group is characterized by its ability to translate technical complexity into clear business language tied to revenue, risk, cost and shareholder value. Organizations with such leaders, the report notes, are more successful in earning board alignment on “just-right” levels of protection and investment.
These leaders move beyond generic threat updates and instead provide transparency into actual exposure, readiness to respond and the likely financial or operational impact of specific threat scenarios. That clarity, Gartner says, is what NEDs have been missing.
Cyber Risk in a Broader Landscape of Volatility
The survey also reveals that cyber threats are not viewed in isolation. Seventy percent of NEDs identified geopolitical instability and global conflicts as the most significant external threat to shareholder value over the next 12 months. One in three NEDs cited cybersecurity, technology disruption and innovation risks among the top threats for the year ahead.
Given the surge in cyber incidents globally—including several high-profile breaches affecting financial services, manufacturing and government systems—boards are increasingly aware that cybersecurity failures can have multi-year financial, legal and reputational repercussions.
“Virtually all NEDs have experienced a cybersecurity breach either as executives or during their board tenure,” said Tina Nunno, Managing VP at Gartner. “New security regulations have placed this topic front-and-center on board agendas. At the same time, AI is causing significant business disruption.”
Technology Seen as Both a Risk and a Response
Despite the growing concern around AI-related cyber risks, the survey found that NEDs overwhelmingly view technology as a crucial tool for navigating global volatility. Sixty-three percent believe technology and innovation investments are the best strategy for weathering geopolitical and economic uncertainty.
AI, in particular, has become the top strategic priority: 57% of NEDs ranked AI as the number one investment expected to drive shareholder value in the next two years—surpassing new product development and mergers and acquisitions. Boards are encouraging CEOs to take bolder technology risks, with 71% saying they want to see more aggressive investments in emerging technologies.
NEDs have also taken note of the massive capital flowing into AI startups and large language model development. Many directors expect these investments to generate substantial returns for early movers, further amplifying pressure on executives to articulate clear AI adoption strategies.
A Turning Point for Cyber and AI Governance
As organizations prepare for 2026, Gartner’s findings suggest that boards are no longer satisfied with traditional cybersecurity governance models. They are seeking deeper visibility into risk, clearer connections to business outcomes and faster progress on AI strategies.
This shift signals a broader redefinition of cybersecurity and technology leadership. CIOs and CISOs who can frame cyber and AI initiatives in terms of value creation—not just risk mitigation—are increasingly viewed as essential to board-level decision-making.
