Revealed: The behaviours exhibited by the most effective CISOs

18 Sep 2020

As cybersecurity threats mount up and more gets asked of CISOs, Gartner has today revealed that only 12% of chief information security officers ‘excel’ in all four categories of the Gartner CISO Effectiveness Index.

Gartner measures a CISO’s effectiveness by their ability to execute against a set of outcomes in (1) functional leadership; (2) information security service delivery; (3) scaled governance and (4) enterprise responsiveness.

Gartner defines ‘effective CISOs’ as those who scored in the top third of the CISO effectiveness measure.

“Today’s CISOs must demonstrate a higher level of effectiveness than ever before,” says Gartner research director Sam Olyaei.

“As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors. 

“These challenges are further compounded by the pressure that COVID-19 has put on the information security function to be more agile and flexible.”

The survey upon which the scores were based was conducted among 129 CISOs, across all industries globally in January of this year.

The behaviour indicators of top-performing CISOs

There were clear and disparate behaviours that differentiated the top-performing CISOs from their counterparts.

Olyaei says one of the most prominent was a high level of proactiveness, widely deemed all but essential in the cybersecurity business. This can mean staying ahead of and anticipating the threats, communicating emerging risks with stakeholders or having a formal succession plan.

“CISOs should prioritise these kinds of proactive activities to boost their effectiveness,” says Olyaei.

Another behaviour exhibited by more effective CISOs was the practice of meeting with three times as many non-IT stakeholders as they do IT stakeholders. 

Two-thirds of top-performers meet at least once per month with business unit leaders, while 43% meet with the CEO, 45% with the head of marketing and 30% with the head of sales.

“CISOs have historically built fruitful relationships with IT executives, but digital transformation has further democratised information security decision making,” says Gartner senior research director Daria Krilenko.

“Effective CISOs keep a close eye on how risks are evolving across the enterprise and develop strong relationships with the owners of that risk – senior business leaders outside of IT.”

Cybersecurity is a traditionally stressful industry, as CISOs are charged with the protection of critical data whose compromise, if mishandled, can easily sink an organisation.

It should come as no surprise, then, that CISOs who manage their stress and keep on top of workplace stressors are more effective.

Just 27% of top-performing CISOs feel overloaded with security alerts, compared with 62% of bottom performers, while less than a third of top performers feel that they face unrealistic expectations from stakeholders, compared with half of bottom-performing CISOs.

“As the CISO role becomes increasingly demanding, the most effective security leaders are those who can manage the stressors that they face daily,” says Olyaei. 

“Actions such as keeping a clear distinction between work and non-work, setting explicit expectations with stakeholders, and delegating or automating tasks are essential for enabling CISOs to function at a high level.”
