
The Quintessential Chief Information Security Officer

Given the strategic significance of digital transformation, IT security leadership is a critical role. And yet, only 12 percent of Chief Information Security Officers (CISOs) excel in all four categories of the 'CISO Effectiveness Index', according to the latest worldwide market study by Gartner.

Gartner analysts presented their global survey findings and discussed the key traits of top-performing CISOs during their recent 'Security & Risk Management Summit'.

"Today’s CISOs must demonstrate a higher level of effectiveness than ever before," said Sam Olyaei, research director at Gartner. "As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors."

IT Security Market Development

These significant enterprise challenges are further compounded by the pressure that the COVID-19 pandemic has put on the information technology (IT) security function to be more agile and flexible.

Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in four categories:
  1. Functional leadership
  2. Information security service delivery
  3. Scaled governance
  4. Enterprise responsiveness

Each survey respondent’s scores across the four categories were combined to calculate their overall effectiveness score. Gartner defines 'effective CISOs' as those who scored in the top one-third of the CISO effectiveness measure.

Of the factors that impact CISO effectiveness, Gartner revealed five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers as in bottom performers.

"A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan," said Mr. Olyaei. "CISOs should prioritize these kinds of proactive activities to boost their effectiveness."

The survey also found that top-performing CISOs regularly meet with three times as many non-IT stakeholders (such as Line of Business leaders) as they do IT stakeholders.

Two-thirds of these top performers meet at least once per month with business unit leaders, while 43 percent meet with the CEO, 45 percent meet with the head of marketing and 30 percent meet with the head of sales.

According to the Gartner assessment, CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratized information security decision making.

Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.

The survey also found that highly effective CISOs better manage workplace stressors. Just 27 percent of top-performing CISOs feel overloaded with security alerts, compared with 62 percent of bottom performers.

Furthermore, less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of the bottom-performing CISOs.

Outlook for Enterprise CISO Leadership and Influence

"As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily," said Mr. Olyaei.

Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.

That said, I believe that IT security spans both the data and networking realms, due to the growing demand for hybrid IT solutions that incorporate a combination of on-premise data centers and public cloud computing infrastructure. Moreover, the inherent security benefits of SD-WAN solutions make them an essential tool for forward-thinking CISOs.
