For example, the survey found that 77% of top-performing CISOs initiate conversations in the enterprise on evolving national and international security norms, such as hacking back and threat attribution. This is compared with just half of bottom performers who do so.
“No organization can be fully protected against every cyber-threat,” said Girardi. “The most effective CISOs stay apprised of existing and emerging risks so they can provide leadership with context around the most significant threats facing the business, to influence investments and risk decisions accordingly.”
Additionally, 63% of top-performing CISOs proactively engage in securing emerging technologies like artificial intelligence (AI), machine learning (ML) and blockchain, compared with just 38% of bottom-performing CISOs.
“As AI adoption proliferates, CISOs are already behind the curve in assessing its risk impact,” said Girardi. “Threat actors are always one step ahead, so CISOs must be more proactive in understanding the security impact of technologies like generative AI and communicating those risks with senior business leadership.”
Top-performing CISOs proactively engage with senior decision-makers across the business, such as by building relationships outside the context of projects (65%) and by collaborating to define enterprise risk appetite (67%). Furthermore, the most effective CISOs regularly meet with three times as many non-IT stakeholders compared to IT stakeholders, such as heads of sales, heads of marketing and business unit leaders.
“Non-IT functions are key partners that can take technology and cybersecurity decisions outside of IT,” said Girardi. “By setting aside dedicated time to build relationships with senior business decision-makers across the enterprise, CISOs can cultivate an environment where decision makers understand and care about cybersecurity, as well as consider cybersecurity implications in their decision making.”
Gartner clients can learn more in “Key Behaviors Driving CISO Effectiveness.” Learn how to be an effective cybersecurity leader in the complimentary Gartner ebook Four Facets of Effective CISO Leadership.
Gartner Security & Risk Management Summit
Gartner analysts will be presenting the latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summit, taking place September 26-28 in London. Follow news and updates from the conferences on X using #GartnerSEC.
About Gartner for Cybersecurity Leaders
Gartner for Cybersecurity Leaders equips security leaders with the tools to help reframe roles, align security strategy to business objectives and build programs to balance protection with the needs of the organization. Additional information is available at https://www.gartner.com/en/cybersecurity.
Follow news and updates from Gartner for Cybersecurity Leaders on X and LinkedIn using #GartnerSEC. Visit the Gartner Newsroom for more information and insights.