
These 5 behaviors differentiate the top-performing CISOs, according to Gartner

Gartner’s research identified five behaviors that significantly differentiated top-performing CISOs from bottom-performing ones. (Image Credit: Oscar Wong)

More than two-thirds of top-performing chief information security officers (CISOs) dedicate recurring time for professional development, according to a new survey by Gartner. The 69% figure compares with just 36% of the bottom-performing CISOs who do so.

The survey data from 227 CISOs was collected from 2020 through 2023 as part of a benchmark survey, with those scoring in the top one-third ranked as “top performers.” Gartner’s research identified five behaviors that significantly differentiated top-performing CISOs from bottom-performing ones. According to Gartner, these qualities were at least 1.5 times as prevalent in top performers.

For example, more than three-quarters of top-performing CISOs initiated conversations on evolving norms to stay ahead of threats, compared with just half of the bottom-performing CISOs.

Nearly two-thirds of the top performers (63%) proactively engage in securing emerging technologies like artificial intelligence (AI), machine learning (ML) and blockchain, compared with 38% of the bottom performers.

Top-performing CISOs also proactively engage with senior decision-makers by building relationships outside the context of projects (65%), and by collaborating to define enterprise risk appetite (67%). The most effective CISOs regularly meet with three times as many non-IT stakeholders such as the heads of sales, marketing or business unit leaders, according to Gartner.

“As the CISO role continues to rapidly evolve, it becomes even more critical for security and risk leaders to protect time for professional development,” said Chiara Girardi, senior principal, research at Gartner. “Developing new skills and knowledge as the role changes is essential to effectively serve as a strategic advisor to the business — the new CISO paradigm.”

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
