Only 12% of chief information security officers (CISOs) excel in all four categories of the Gartner CISO Effectiveness Index, according to a survey by Gartner, Inc.
Gartner analysts presented the survey findings and discussed the traits of top-performing CISOs during Gartner Security & Risk Management Summit 2020, taking place virtually in the Americas and EMEA through today.
“Today’s CISOs must demonstrate a higher level of effectiveness than ever before,” said Sam Olyaei, research director at Gartner. “As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors. These challenges are further compounded by the pressure that COVID-19 has put on the information security function to be more agile and flexible.”
The 2020 Gartner CISO Effectiveness Survey was conducted among 129 heads of information risk functions, across all industries, globally in January 2020. Gartner’s measure of CISO effectiveness is determined by a CISO’s ability to execute against a set of outcomes in the four categories of (i) functional leadership, (ii) information security service delivery, (iii) scaled governance and (iv) enterprise responsiveness. Each respondent’s score in each category was added together to calculate their overall effectiveness score. Gartner defines “effective CISOs” as those who scored in the top one-third of the CISO effectiveness measure.
Top-Performing CISOs Demonstrate Five Key Behaviors
Of the factors that impact CISO effectiveness, Gartner identified five behaviors that significantly differentiate top-performing CISOs from bottom performers. On average, each of these behaviors is twice as prevalent in top performers as in bottom performers (see Figure 1).