Skip to main content

The Quintessential Chief Information Security Officer

Given the strategic significance of digital transformation, IT security leadership is a really important role. And yet, only 12 percent of Chief Information Security Officers (CISOs) excel in all four categories of the 'CISO Effectiveness Index', according to the latest worldwide market study by Gartner.

Gartner analysts presented their global survey findings and discussed the key traits of top-performing CISOs during their recent 'Security & Risk Management Summit'.

"Today’s CISOs must demonstrate a higher level of effectiveness than ever before," said Sam Olyaei, research director at Gartner. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors."

IT Security Market Development

These significant enterprise challenges are further compounded by the pressure that the COVID-19 pandemic has put on the information technology (IT) security function to be more agile and flexible.

Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in four categories:
  1. Functional leadership
  2. Information security service delivery
  3. Scaled governance
  4. Enterprise responsiveness
The survey respondent’s score in each category was combined together to calculate their overall effectiveness score. Gartner defines 'effective CISOs' as those who scored in the top one-third of the CISO effectiveness measure.

Of the factors that impact CISO effectiveness, Gartner revealed five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers than in bottom performers.

"A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan," said Mr. Olyaei. "CISOs should prioritize these kinds of proactive activities to boost their effectiveness."

The survey also found that top-performing CISOs regularly meet with three times as many non-IT stakeholders (such as Line of Business leaders) as they do IT stakeholders.

Two-thirds of these top performers meet at least once per month with business unit leaders, while 43 percent meet with the CEO, 45 percent meet with the head of marketing and 30 percent meet with the head of sales.

According to the Gartner assessment, CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratized information security decision making.

Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.

The survey also found that highly effective CISOs better manage workplace stressors. Just 27 percent of top-performing CISOs feel overloaded with security alerts, compared with 62 percent of bottom performers.

Furthermore, less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of the bottom performing CISOs.

Outlook for Enterprise CISO Leadership and Influence

"As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily," said Mr. Olyaei.

Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.

That said, I believe that IT security spans both the data and networking realm, due to the growing demand for hybrid IT solutions that incorporate a combination of on-premise data centers and public cloud computing infrastructure. Moreover, the inherent security benefits of SD-WAN solutions make them an essential tool for forward-thinking CISOs.

Popular posts from this blog

Digital Talent Demand Exceeds Supply in Asia-Pac

Even the savviest CEO's desire for a digital transformation advantage has to face the global market reality -- there simply isn't enough skilled and experienced talent available to meet demand. According to the latest market study by IDC, around 60-80 percent of Asia-Pacific (AP) organizations find it "difficult" or "extremely difficult" to fill many IT roles -- including cybersecurity, software development, and data insight professionals. Major consequences of the skills shortage are increased workload on remaining digital business and IT employees, increased security risks, and loss of "hard-to-replace" critical transformation knowledge. Digital Business Talent Market Development Although big tech companies' layoffs are making headlines, they are not representative of the overall global marketplace. Ongoing difficulty to fill key practitioner vacancies is still among the top issues faced by leaders across industries. "Skills are difficul

Mobile Device Market Still Awaiting Recovery

The mobile devices market has experienced three years of unpredictable demand. The global pandemic, geopolitical pressures, supply chain issues, and macroeconomic headwinds have hindered the sector's consistent growth potential. This extremely challenging environment has dramatically affected both demand and supply chains. It has led to subsequent inflationary pressures, leading to a worsening global cost of living crisis suppressing growth and confidence in the sector. In tandem, mobile device industry stakeholders have become more cautious triggering market uncertainties. Mobile Device Market Development Operating under such a backdrop, the development of mobile device ecosystems and vendor landscapes have been impacted severely. Many of these market pressures persisted throughout 2022 and now into 2023, borne chiefly by the smartphone market. According to the latest worldwide market study by ABI Research, worldwide smartphone shipments in 2022 declined 9.6 percent Year-over-Year

Open Banking Usage to Grow by 470 Percent

The Open Banking business model has been advantageous for Third-Party Providers (TPPs), helping them to extend their offerings into other areas of financial services with new capabilities. Open Banking is also advantageous for traditional banking institutions, despite the perceived loss of custodianship over their data, by providing greater accessibility to more bank services. Furthermore, Open Banking can help serve Mobile Internet providers that are able to leverage it to create tailored services according to customers’ preferences and/or economic limitations. Open Banking Market Development Since traditional banking services are made more convenient by TPPs via greater data access, customers can proactively manage their finances and shape the development of new financial offerings. This is particularly noticeable in the realm of Digital Payments, where retail merchants and customers transact through eCommerce, which has the greatest number of use cases for Open Banking. These includ