Cybersecurity permeates every single organization in the world, as a breach can impact your operations, delivery of your product or service, and your brand. As a result, CISOs and their teams are under pressure from many directions, requiring them to take a broader perspective than they did in the past. CISOs need both technical and business skills.

Cybersecurity importance and impact are so significant that it has become a common discussion topic for boards of directors (BoDs) across all industries. This is not surprising, as 88% of respondents to the 2022 Gartner View from the Board of Directors Survey1 now regard cybersecurity as a business risk, and not a technology problem. 

As a result of this trend, cybersecurity leaders, including chief information security officers, are increasingly being asked to present on a wide range of cybersecurity topics. These include:

• Daily cybersecurity needs — Providing an overview of the latest trends, threats or incidents that are prominent in the media or being discussed on other boards — for example, ransomware.
• Staying current — Every CISO must stay current on fast-changing cybersecurity news, manage effective incident response, adapt cybersecurity approaches to rapid changes, and influence and drive secure behaviors.
• Demonstrating value and proactively managing investments — A CISO must summarize how the cybersecurity team’s investments are delivering value to the organization. This requires defining cybersecurity metrics, securing a defensible budget, effectively partnering across the business, and improving individual and team effectiveness. Additionally, the CISO may need to raise the level of cybersecurity literacy for the board of directors and other leaders in the organization.
• Building and optimizing their cybersecurity program — This includes things such as defining their cybersecurity strategy, defining their cybersecurity architecture, building and maintaining teams. and managing risk. One staple of any cybersecurity program involves the assurance that the organization meets its compliance obligations.

1 The 2022 Gartner View From the Board of Directors Survey was conducted online from May through June 2021 among 273 respondents from the U.S., Europe and Asia/Pacific. Companies were screened to be midsize, large or global enterprises. Respondents were required to be a board director or a member of a corporate BoD. If respondents serve on multiple boards, they answered for the largest company, defined by its annual revenue, for which they are a board member. 

Disclaimer: Results of this survey do not represent global findings or the market as a whole, but reflect the sentiments of the respondents and companies surveyed.

In this podcast, our host Frances Karamouzis is joined by Mary Ruddy, chief of research for our security and risk management team, to share how Gartner expert analysts are delivering research for all of these important areas. Her primary research areas are security and identity architecture, and access management including customer IAM. Ruddy’s thought leadership includes recent contributions to Top Trends in Cybersecurity, Top Strategic Technology Trends, Cybersecurity Mesh Architecture, Identity Fabric, and Identity Threat Detection and Response.