
The Quintessential Chief Information Security Officer

Given the strategic significance of digital transformation, IT security leadership is a critical role. Yet only 12 percent of Chief Information Security Officers (CISOs) excel in all four categories of the 'CISO Effectiveness Index', according to the latest worldwide market study by Gartner.

Gartner analysts presented their global survey findings and discussed the key traits of top-performing CISOs during their recent 'Security & Risk Management Summit'.

"Today’s CISOs must demonstrate a higher level of effectiveness than ever before," said Sam Olyaei, research director at Gartner. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors."

IT Security Market Development

These significant enterprise challenges are further compounded by the pressure that the COVID-19 pandemic has put on the information technology (IT) security function to be more agile and flexible.

Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in four categories:
  1. Functional leadership
  2. Information security service delivery
  3. Scaled governance
  4. Enterprise responsiveness

Each survey respondent's scores across the four categories were combined to calculate an overall effectiveness score. Gartner defines 'effective CISOs' as those who scored in the top one-third of the CISO effectiveness measure.

Of the factors that impact CISO effectiveness, Gartner revealed five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers as in bottom performers.

"A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan," said Mr. Olyaei. "CISOs should prioritize these kinds of proactive activities to boost their effectiveness."

The survey also found that top-performing CISOs regularly meet with three times as many non-IT stakeholders (such as Line of Business leaders) as they do IT stakeholders.

Two-thirds of these top performers meet at least once per month with business unit leaders, while 43 percent meet with the CEO, 45 percent meet with the head of marketing and 30 percent meet with the head of sales.

According to the Gartner assessment, CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratized information security decision making.

Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.

The survey also found that highly effective CISOs better manage workplace stressors. Just 27 percent of top-performing CISOs feel overloaded with security alerts, compared with 62 percent of bottom performers.

Furthermore, fewer than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of the bottom-performing CISOs.

Outlook for Enterprise CISO Leadership and Influence

"As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily," said Mr. Olyaei.

Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.

That said, I believe that IT security spans both the data and networking realm, due to the growing demand for hybrid IT solutions that incorporate a combination of on-premise data centers and public cloud computing infrastructure. Moreover, the inherent security benefits of SD-WAN solutions make them an essential tool for forward-thinking CISOs.
