Skip to main content

The Quintessential Chief Information Security Officer

Given the strategic significance of digital transformation, IT security leadership is a really important role. And yet, only 12 percent of Chief Information Security Officers (CISOs) excel in all four categories of the 'CISO Effectiveness Index', according to the latest worldwide market study by Gartner.

Gartner analysts presented their global survey findings and discussed the key traits of top-performing CISOs during their recent 'Security & Risk Management Summit'.

"Today’s CISOs must demonstrate a higher level of effectiveness than ever before," said Sam Olyaei, research director at Gartner. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors."

IT Security Market Development

These significant enterprise challenges are further compounded by the pressure that the COVID-19 pandemic has put on the information technology (IT) security function to be more agile and flexible.

Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in four categories:
  1. Functional leadership
  2. Information security service delivery
  3. Scaled governance
  4. Enterprise responsiveness
The survey respondent’s score in each category was combined together to calculate their overall effectiveness score. Gartner defines 'effective CISOs' as those who scored in the top one-third of the CISO effectiveness measure.

Of the factors that impact CISO effectiveness, Gartner revealed five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers than in bottom performers.

"A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan," said Mr. Olyaei. "CISOs should prioritize these kinds of proactive activities to boost their effectiveness."

The survey also found that top-performing CISOs regularly meet with three times as many non-IT stakeholders (such as Line of Business leaders) as they do IT stakeholders.

Two-thirds of these top performers meet at least once per month with business unit leaders, while 43 percent meet with the CEO, 45 percent meet with the head of marketing and 30 percent meet with the head of sales.

According to the Gartner assessment, CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratized information security decision making.

Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.

The survey also found that highly effective CISOs better manage workplace stressors. Just 27 percent of top-performing CISOs feel overloaded with security alerts, compared with 62 percent of bottom performers.

Furthermore, less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of the bottom performing CISOs.

Outlook for Enterprise CISO Leadership and Influence

"As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily," said Mr. Olyaei.

Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.

That said, I believe that IT security spans both the data and networking realm, due to the growing demand for hybrid IT solutions that incorporate a combination of on-premise data centers and public cloud computing infrastructure. Moreover, the inherent security benefits of SD-WAN solutions make them an essential tool for forward-thinking CISOs.

Popular posts from this blog

Wireless Solutions Advance Work from Home Trends

Despite a challenging backdrop from the ongoing effects of the global COVID-19 pandemic, the negative impact on fifth-generation (5G) wireless supply chains has been minimal compared to the wider mobile smartphone market. This led to 5G mobile devices becoming more diverse, brought to market quickly at a variety of price points, thereby accelerating affordability and adoption. The mobile market is transitioning to 5G and many leading vendors are now exploring the low-priced 5G smartphone segment. According to the latest worldwide market study by ABI Research, 681 million 5G handsets will be shipped in 2022. Therefore, the race is on for OEMs to find that all-important level of differentiation in their flagship portfolios to help boost margins and improve market share. 5G Wireless Market Development Vendors continue to drive the adoption of new product designs, screen technology, chipsets, and camera setups -- notably within the flagship smartphone segment. Meanwhile, the leaders seek a

Software-Defined Infrastructure: The Platform of Choice

As more organizations adapt to a hybrid working model for their distributed workforce, enterprise CIOs and CTOs are tasked with delivering new productivity-enabling applications, while also seeking ways to effectively reduce IT cost, complexity, and risk. Traditional IT hardware infrastructure is evolving to more software-based solutions. The worldwide software-defined infrastructure (SDI) combined software market reached $12.17 billion during 2020 -- that's an increase of 5 percent over 2019, according to the latest market study by International Data Corporation (IDC). The market grew faster than other core IT technologies. The three technology pillars within the SDI market are: software-defined compute (53 percent of market value), software-defined storage controller (36 percent), and software-defined networking (11 percent). "Software-defined infrastructure solutions have long been popular for companies looking to eliminate cost, complexity, and risk within their data cente

Digital Identity Verification Market to Reach $16.7B

As more enterprise organizations embrace the ongoing transition to digital business transformation, CIOs and CTOs are adopting new technologies that enable the secure identification of individuals within their key stakeholder communities. A "digital identity" is a unique representation of a person. It enables individuals to prove their physical identity during transactions. Moreover, a digital identity is a set of validated digital attributes and credentials for online interactions -- similar to a person's identity within the physical world. Individuals can use a 'digital ID' to be verified through an authorized digital channel. Usually issued or regulated by a national ID scheme, a digital identity serves to identify a unique person online or offline. Digital Identity Systems Market Development Complementary to more traditional forms of identification, digital identity verification systems can enhance the authenticity, security, confidentiality, and efficiency of