
Highly Effective CISOs Demonstrate Five Key Game-Changing Behaviours
A recent survey of chief information security officers (CISOs) by Gartner, Inc. revealed that 69% of top-performing CISOs dedicate recurring time on their calendars for personal professional development. This is compared with just 36% of bottom-performing CISOs who do so.
“As the CISO role continues to rapidly evolve, it becomes even more critical for security and risk leaders to protect time for professional development,” said Chiara Girardi, Senior Principal, Research at Gartner. “Developing new skills and knowledge as the role changes is essential to effectively serve as a strategic advisor to the business – the new CISO paradigm.”
The data was collected from 2020 through 2023 as part of a Gartner benchmarking survey of 227 CISOs. Respondents were measured on key areas of CISO effectiveness, with those scoring in the top one-third ranked as “top performers.”
The research identified five key behaviours that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviours is at least 1.5 times as prevalent in top performers than in bottom performers (see Figure 1).
Fig. 1: Effective CISOs’ Top Five Game-Changing Behaviours
Source: Gartner (August 2023)
For example, the survey found that 77% of top-performing CISOs initiate conversations in the organisation on evolving national and international security norms, such as hacking back and threat attribution. This is compared with just half of bottom performers who do so.
“No organisation can be fully protected against every cyber-threat,” said Girardi. “The most effective CISOs stay apprised of existing and emerging risks so they can provide leadership with context around the most significant threats facing the business, to influence investments and risk decisions accordingly.”
Additionally, 63% of top-performing CISOs proactively engage in securing emerging technologies like artificial intelligence (AI), machine learning (ML) and blockchain, compared with just 38% of bottom-performing CISOs.
“As AI adoption proliferates, CISOs are already behind the curve in assessing its risk impact,” said Girardi. “Threat actors are always one step ahead, so CISOs must be more proactive in understanding the security impact of technologies like generative AI and communicating those risks with senior business leadership.”
Top-performing CISOs proactively engage with senior decision-makers across the business, such as by building relationships outside the context of projects (65%) and by collaborating to define enterprise risk appetite (67%). Furthermore, the most effective CISOs regularly meet with three times as many non-IT stakeholders compared to IT stakeholders, such as heads of sales, heads of marketing and business unit leaders.
“Non-IT functions are key partners that can take technology and cybersecurity decisions outside of IT,” said Girardi. “By setting aside dedicated time to build relationships with senior business decision-makers across the organisation, CISOs can cultivate an environment where decision makers understand and care about cybersecurity, as well as consider cybersecurity implications in their decision making.”
Gartner clients can learn more in “Key Behaviours Driving CISO Effectiveness.” Learn how to be an effective cybersecurity leader in the complimentary Gartner ebook Four Facets of Effective CISO Leadership.
Fachartikel

Privilegierte Zugriffe im Fokus: Warum CIOs jetzt auf Privileged Access Management (PAM) setzen müssen

Neue Cyber-Bedrohung „Hazy Hawk“ kapert Subdomains – Gefahr auch für Ihr Unternehmen?

400.000 DMARC-Boost nach Microsofts Update für Absender mit hohem Volumen

Ausgewogenes Verhältnis zwischen Notfallwiederherstellung, Backup-Systemen und Sicherheit

Über 100 schädliche Chrome-Erweiterungen entdeckt – getarnt als KI-Tools, VPNs und Krypto-Helfer
Studien

Unternehmen blockieren zunehmend GenAI-Tools – DNSFilter-Studie zeigt wachsende Sicherheitsbedenken

Weltweite Investitionen in Quantencomputing nehmen branchenübergreifend zu

Princeton-Forscher warnen vor fatalen KI-Angriffen im Web3-Umfeld

Führungskräfte ohne KI-Wissen? Gartner-Umfrage offenbart Sorgen der CEOs

Schweigen über KI-Erfolge: Was eine neue Ivanti-Studie offenbart
Whitepaper

Neuer Leitfaden zur Sicherung von KI-Daten veröffentlicht

Russische Cyberangriffe auf westliche Logistik: Deutsche Behörden warnen vor GRU-Einheit 26165

BEC- und FTF-Angriffe – keine andere Cyberbedrohung hat 2024 für mehr Schaden gesorgt

100 Tage bis zum Inkrafttreten des Data Act: Deutsche Unternehmen kaum vorbereitet

Weltweiter Sicherheitslagebericht zeigt dringenden Handlungsbedarf: Vernetzte Prozesse als Schlüssel
Hamsterrad-Rebell

Insider – die verdrängte Gefahr

Sicherer SAP-Entwicklungsprozess: Onapsis Control schützt vor Risiken

Das CTEM-Framework navigieren: Warum klassisches Schwachstellenmanagement nicht mehr ausreicht

Cybersicherheit im Mittelstand: Kostenfreie Hilfe für Unternehmen
