Logo {!-- --}

Highly effective CISOs in short supply?

Only 12% of chief information security officers (CISOs) excel in all four categories of the Gartner CISO Effectiveness Index, according to a survey by Gartner, Inc.

Gartner analysts presented the survey findings and discussed the traits of top-performing CISOs during the recent Gartner Security & Risk Management Summit 2020.

“Today’s CISOs must demonstrate a higher level of effectiveness than ever before,” said Sam Olyaei, research director at Gartner. “As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors. These challenges are further compounded by the pressure that COVID-19 has put on the information security function to be more agile and flexible.”

The 2020 Gartner CISO Effectiveness Survey was conducted among 129 heads of information risk functions, across all industries, globally in January 2020. Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in the four categories of (i) functional leadership, (ii) information security service delivery, (iii) scaled governance and (iv) enterprise responsiveness. Each respondent’s score in each category was added together to calculate their overall effectiveness score. Gartner defines “effective CISOs” as those who scored in the top one-third of the CISO effectiveness measure.

Top-Performing CISOs Demonstrate Five Key Behaviours

Of the factors that impact CISO effectiveness, Gartner revealed five behaviours that that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviours is twice as prevalent in top performers than in bottom performers (see picture).



“A clear trend among top-performing CISOs is demonstrating a high level of proactiveness, whether that’s staying abreast of evolving threats, communicating emerging risks with stakeholders or having a formal succession plan,” said Mr Olyaei. “CISOs should prioritise these kinds of proactive activities to boost their effectiveness.”

The survey also found that top performing CISOs regularly meet with three times as many non-IT stakeholders as they do IT stakeholders. Two-thirds of these top performers meet at least once per month with business unit leaders, while 43% meet with the CEO, 45% meet with the head of marketing and 30% meet with the head of sales.

“CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratised information security decision making,” added Daria Krilenko, senior research director at Gartner. “Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.”

Effective CISOs Are Better at Managing Stress

The survey also found that highly effective CISOs better manage workplace stressors. Just 27% of top performing CISOs feel overloaded with security alerts, compared with 62% of bottom performers. Furthermore, less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of bottom performing CISOs.

“As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily,” said Mr Olyaei. “Actions such as keeping a clear distinction between work and nonwork, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.