Skip to main content

The Quintessential Chief Information Security Officer

Given the strategic significance of digital transformation, IT security leadership is a really important role. And yet, only 12 percent of Chief Information Security Officers (CISOs) excel in all four categories of the 'CISO Effectiveness Index', according to the latest worldwide market study by Gartner.

Gartner analysts presented their global survey findings and discussed the key traits of top-performing CISOs during their recent 'Security & Risk Management Summit'.

"Today’s CISOs must demonstrate a higher level of effectiveness than ever before," said Sam Olyaei, research director at Gartner. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors."

IT Security Market Development

These significant enterprise challenges are further compounded by the pressure that the COVID-19 pandemic has put on the information technology (IT) security function to be more agile and flexible.

Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in four categories:
  1. Functional leadership
  2. Information security service delivery
  3. Scaled governance
  4. Enterprise responsiveness
The survey respondent’s score in each category was combined together to calculate their overall effectiveness score. Gartner defines 'effective CISOs' as those who scored in the top one-third of the CISO effectiveness measure.

Of the factors that impact CISO effectiveness, Gartner revealed five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers than in bottom performers.

"A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan," said Mr. Olyaei. "CISOs should prioritize these kinds of proactive activities to boost their effectiveness."

The survey also found that top-performing CISOs regularly meet with three times as many non-IT stakeholders (such as Line of Business leaders) as they do IT stakeholders.

Two-thirds of these top performers meet at least once per month with business unit leaders, while 43 percent meet with the CEO, 45 percent meet with the head of marketing and 30 percent meet with the head of sales.

According to the Gartner assessment, CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratized information security decision making.

Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.

The survey also found that highly effective CISOs better manage workplace stressors. Just 27 percent of top-performing CISOs feel overloaded with security alerts, compared with 62 percent of bottom performers.

Furthermore, less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of the bottom performing CISOs.

Outlook for Enterprise CISO Leadership and Influence

"As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily," said Mr. Olyaei.

Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.

That said, I believe that IT security spans both the data and networking realm, due to the growing demand for hybrid IT solutions that incorporate a combination of on-premise data centers and public cloud computing infrastructure. Moreover, the inherent security benefits of SD-WAN solutions make them an essential tool for forward-thinking CISOs.

Popular posts from this blog

Mobility-as-a-Service Creates Disruptive Travel Options

Building on significant advances in big data, analytics, and the Internet of Things (IoT), more innovative transit service offerings aim to increase public transport ridership and reduce emissions or congestion within metropolitan areas. By providing these services through smartphone apps, the transit services also significantly increase user convenience, providing information on different human mobility offerings -- including public transport, ridesharing, and autonomous vehicles. Mobility-as-a-Service Market Development According to the latest market study by Juniper Research, Mobility-as-a-Service (MaaS) subscribers will generate $53 billion in revenue for MaaS platform providers by 2027 -- that's rising from $5.3 billion in 2021. Let's start with a basic definition. MaaS is the provision of multi-modal end-to-end travel services through single platforms, by which users can determine an optimal route and price. The study identified a monthly subscription model as key to incr

Hybrid Work: How to Enhance Employee Productivity

When you hire qualified talent for a key role and trust them to perform, you'll likely achieve the best outcome. Skilled and experienced people will deliver results, regardless of the challenges. That's a key lesson learned from the pandemic experience as most knowledge workers were asked to work from their homes. However, some resist returning to an open-plan office. It's unacceptable. Meanwhile, forward-thinking leaders decided a "return to normal" is undesirable, and in hindsight, everyone should aspire to be more accomodating than before. Therefore, location flexibility is okay. Hybrid Workforce Market Development How will people adapt to these changes? They'll apply the modern IT tools at their disposal. They'll learn new skills and thrive. Nearly 80 percent of employees are now successfully using online collaboration tools for work in 2021 -- that's up from just over half of workers in 2019, according to the latest market study by Gartner. This g

Robocall Mitigation Solutions to Halt Criminal Threats

If you answer the phone and hear a recorded message instead of a live person, it's likely a robocall. A robocall is a phone call that uses a computerized autodialer to deliver a pre-recorded message. In 2020, the U.S. Federal Trade Commission (FTC) received 2.8 million consumer complaints about robocalls. Offering solutions to robocalling and associated fraudulent business practices, computerized mitigation platforms are an integral part of the solution. Platforms that are focused on actionable systems to disrupt unsolicited and potentially criminal phone calls help telecom service providers and industry regulators. Issues of whether one-size-fits-all developments are sufficient to be effective across the spectrum need to be addressed, and whether a single telecom network operator working unilaterally with a third-party platform could compromise desired or mandatory industry-wide standards. Robocall Mitigation Market Development According to the latest worldwide market study by Jun