9. Security’s role (and stature) in the organization
Building a true, robust security culture across their organization is another top-of-mind issue for CISOs today — as it has been for many years, multiple sources say.
It is still a top concern because many find that security remains in its own silo, often treated as an afterthought, says Theresa Lanowitz, chief evangelist for LevelBlue, a managed security service provider.
Too often CTOs, CIOs, and innovation teams don’t include security at the start of projects, she explains. And many CEOs, boards, and other C-suite leaders don’t yet see security as a business enabler or core to the company’s work.
“Cybersecurity,” Lanowitz adds, “is still not part of the fabric.”
Lanowitz sees improvements, however, as more organizations adopt secure-by-design principles and DevSecOps practices, and as more CISOs advocate for and land equal footing with other executives.
“We’re seeing more organizations embrace security from the top down and see it as a business requirement and not just a technical problem,” Lanowitz says.
10. Achieving operational excellence
In addition to all the issues that might arise one year to the next, CISOs say they continue to focus on achieving operational excellence — an always challenging and complex task.
“While the basics of a cybersecurity program remain fairly constant, the protection of operations and data involves constant navigation of new technologies and dynamic threats,” Cody says. “Cybersecurity updates need to integrate seamlessly with existing systems, which requires a deep understanding, at an operational level, of the business activities you’re protecting and securing. Cybersecurity teams need to be ahead of the curve, not playing catch-up.”