By 2017, one-third of large enterprises with digital business models and activities would also have a digital risk officer (DRO) role or its equivalent, the Gartner report said.
By 2020, 60 per cent of digital businesses would suffer major service failures due to the infotech security team's inability to manage digital risk in cases related to use of new technologies, the Gartner report said.
Infotech, operational technology, the Internet of Things (IoT) and physical security technologies would be interdependent, requiring a risk-based approach to governance and management, the Gartner report said.
Digital risk management is the next evolution in enterprise risk and security for digital businesses by expanding the scope of technologies protected, it said.
"Digital risk officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," Gartner's Vice President and Distinguished Analyst Paul Proctor said in the report.
Many traditional security officers would change their titles to "digital risk and security officers", but without material change in their scope, mandate as well as skills, they would not be able to fulfill such a role in its entirety, he said.
Digital risk officers would report to a senior executives like the Chief Risk Officer, the Chief Digital Officer or the Chief Operating Officer. They would manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations, the report said.
Many Chief Information Security Officers (CISOs) would evolve into digital risk officers after they begin to own or form effective partnerships with digital security teams managing other forms of technology. Infotech security leaders may continue with their assigned responsibilities reporting to digital risk officers.
As physical security management becomes increasingly digital, this would include physical security teams as well, it said.
"By 2019, the new digital risk concept will become the default approach for technology risk management," Proctor said in the report.