More than half of digital businesses will suffer major service failures by 2020, due to the inability of IT security teams to manage digital risk in new technology, according to Gartner.
Gartner has named digital risk management as the next evolution in enterprise risk and security for digital businesses, one that expands the scope of technologies protected.
IT, operational technology, the Internet of Things and physical security technologies will have interdependencies that require a risk-based approach to governance and management.
Gartner analysts predict more than half of CEOs will have a senior "digital" leader role in their staff by the end of 2015, according to the 2014 CEO and Senior Executive Survey by Gartner.
Gartner said that by 2017, one-third of large enterprises engaging in digital business models and activities will also have a digital risk officer (DRO) role or equivalent.
Gartner vice president and distinguished analyst, Paul Proctor, said digital risk officers would require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk.
"Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role in its entirety." However, the mandate and scope of a DRO are very different from those of a chief information security officer.
"In many organisations the CISO role will continue with similar scope as in 2014," according to a Gartner statement.
"The DRO will report to a senior executive role outside of IT such as the chief risk officer, chief digital officer or the chief operating officer.
"They will manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations." The impact of this new structure of digital risk governance and management on IT and IT security operations is expected to be minimal, particularly in those enterprises that have already appointed a chief risk officer.
However, the potential impact on the culture of IT and IT security teams is major, according to Gartner. "IT, the Internet of Things and physical security form a new super-set of technology that challenges the ability of existing organisational structures, skill sets and tools to consistently and adequately assess, define and manage technology risks," a Gartner statement said.
"Simply expanding the portfolio of the existing IT security team to include technology risk for all internet-aware technology is not viable."
Proctor said a consistent, unified approach to digital risk at the enterprise level had the potential to deliver cost efficiencies and greater risk assurance for business processes than the fragmented approach currently in place at most enterprises.