1、Top 3 Strategic Priorities for Security and Risk Management LeadersLeadership Vision for 2023 2023 Gartner,Inc.and/or its affiliates.All rights reserved.CM_GTS_2107928Leadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders2Gartner for Cybersecurity LeadersFollo

2、w Us on LinkedInBecome a Client From Tom Scholtz,Distinguished VP AnalystTodays organizations are facing uncertainty brought about by persistent inflation;scarce,expensive talent;and global supply constraints caused by the Russian invasion of Ukraine,COVID-19 lockdowns and energy shortages.This trip

3、le squeeze is impacting business globally and directly impacting the cybersecurity threat landscape for 2023.The decisions you make as a cybersecurity leader in difficult times will determine if your company takes unnecessary cybersecurity risks or is able to leverage technology innovation in order

4、to thrive.Your teams must be capable of agile pivots.Despite economic uncertainty and perceived headwinds leading into 2023,chief information security officers(CISOs)indicate their current plans call for continued investment in cybersecurity.Cybersecurity risks also increase as technology decisions

5、become more democratized.Top-performing CISOs have the courage to experiment with new ideas.They should focus on improving their own personal effectiveness and driving cultural change in their enterprises,and champion the adoption of cyber judgment.As organizations continue to invest in technologies

6、 to innovate and differentiate themselves from competitors,security and risk management(SRM)leaders must ensure risk is measured and managed,while executing new ways to educate and guide the organization on security best practices.Gartner Leadership Vision provides top-level guidance to leaders and

7、their teams on where to focus based on our data-driven research.Were providing detailed insights to our clients across dozens of roles,and were now excited to share excerpts with the business community beyond our clients.We hope this will help you to focus discussions with your teams,peers and other

8、 leaders so you can more quickly and effectively diagnose priorities and actions,especially as you solidify your strategic plans for 2023.Tom ScholtzDistinguished VP Analyst Leadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders3Gartner for Cybersecurity Leade

9、rsFollow Us on LinkedInBecome a Client Unique business environments require a team effortSRM leaders work to enable security digitalization in an increasingly complex and dangerous world.As organizations deal with unpredictable operating environments while seeking out innovative technologies to prov

10、ide competitive differentiation,they are willing to increase their risk appetites and invest robustly in security for the foreseeable future.To understand and respond to both internal and external challenges,its more critical than ever for SRM leaders to partner with stakeholders across the organiza

11、tion,ensuring business leaders have the knowledge and capabilities to make informed,high-quality security risk decisions.Source:GartnerEnterprise Architecture and Technology InnovationApplicationsSourcing,Procurement and Vendor ManagementSoftware EngineeringInfrastructure and OperationsCIOData and A

12、nalyticsSecurity and RiskSecurity and Risk Managers Role on the Team:Enable secure digitalization Drive cyber judgment Establish a cyber-risk-aware cultureStrategic Portfolio ManagementGeopolitical PolarizationIncreasing InflationSupply Chain DisruptionsCxO and Business LeadersLabor and Skills Short

13、ageLeadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders4Gartner for Cybersecurity LeadersFollow Us on LinkedInBecome a Client Three key trends impacting SRM leaders More technologists working outside of IT To best achieve digital acceleration,67%of CEOs want

14、 more technology work done within business functions.This trend means more“business technologists”employees outside of the IT organization who can not only use tech,but produce it on teams outside the direct control of the SRM leader.The cybersecurity mesh evolvesIf endpoints,digital citizens and IT

15、 assets can be located anywhere,cybersecurity controls need to follow suit.The cybersecurity mesh approach is a highly flexible and collaborative ecosystem of composable,distributed tools and controls that is being successfully applied to protect assets across the organization and the world.Increase

16、d focus on third-party security risksRecent cybersecurity incidents have highlighted weaknesses in supply chains.By 2025,60%of organizations will use cybersecurity risk as a significant factor in conducting third-party transactions to prevent the compromise of information,systems and infrastructure.

17、Leadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders5Gartner for Cybersecurity LeadersFollow Us on LinkedInBecome a Client Challenges and actions for the SRM leader Dealing with the human factorDriving SRM effectivenessAccelerating the cyber judgment journey

18、The majority of data breaches continue to involve a human element.A recent Gartner survey found that employees still engage sometimes knowingly in recognized risky security practices like using the same password for multiple accounts or opening emails from unknown sources on work devices.Currently o

19、nly 12%of SRM leaders exceed stakeholder expectations.Leaders must improve effectiveness across all their areas of responsibility to demonstrate their ability to deliver on cybersecurity priorities.SRM leaders must support the ability of decisionmakers throughout the organization to independently ma

20、ke informed risk decisions also known as cyber judgment rather than relying on the SRM team or automation.Actions for the SRM leaderEmploy the Gartner PIPE framework which focuses on practices,influences,platforms and enablers to guide the successful execution of a security behavior and culture prog

21、ram.Focus on improving effectiveness across identified categories to better align with the business priorities and protect the security of the organization.Drive cyber judgment across the enterprise by supporting autonomy through strategies like self-certification and group trust scoring.Leadership

22、Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders6Gartner for Cybersecurity LeadersFollow Us on LinkedInBecome a Client Reduce the human factor on security risksTo reduce the negative impact of human behaviors on cybersecurity risk levels,SRM leaders must take a rad

23、ically different approach to their security training programs.The Gartner PIPE framework can guide that execution.Leaders must also mitigate digital supply chain risks by developing best practices around third-party interactions.Source:GartnerActionConsider the user experience when designing control

24、s.Design role-relevant cybersecurity learning experiences.Focus on outcome-driven metrics to determine how well the organization is protected.When engaging with supply chain vendors:Identify potential security risks across shared data and infrastructure.Ensure youre meeting new regulatory mandates.C

25、reate key partnerships across stakeholders to develop joint governance.Evaluate and implement emerging best practices.Recommended Next Steps1234 Security Behavior and Culture ProgramExecutiveSupportEngagingVisionEvaluateOutcomesExpertiseExecute MindfullyPracticesInfluencesPlatformsLeadership Vision

26、for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders7Gartner for Cybersecurity LeadersFollow Us on LinkedInBecome a Client Improve leadership effectivenessAs the role of the SRM leader continues to evolve and expand,its critical to continually assess and improve leadership ef

27、fectiveness across categories.SRM leaders must align their priorities with those of the business to better drive value and protect the enterprise.ActionBuild relationships with senior leadership outside of IT.Prevent future risks by updating decision makers on new security norms.Proactively secure b

28、usiness use of AI.Track workforce performance and address skills gaps creatively.Manage stress by maintaining boundaries between work and private life.Recommended Next Steps12345Source:Gartner1 Future-Risk Manager3 Workforce Architect3 Executive Influencer3 Stress NavigatorProactively engage in secu

29、ring emerging technologies.View relationships as core to effectiveness.Aid senior decision makers with information risk tradeoffs.Effective CISOCollaborate on enterprise risk appetite.Build relationships with senior decision makers outside the context of projects.Proactively identify risks in unmana

30、ged domains adjacent to information security.Set a clear boundary between work and nonwork.Believe job stressors are within a CISOs direct control.Develop a formal and actionable succession plan.Focus talent strategy on future security skills needs of the enterprise.Make senior decision makers aware

31、 of future risks.Inform senior decision makers of evolving security norms.Develop an enterprisewide controls automation strategy.Protect recurring professional development time.Leadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders8Gartner for Cybersecurity Le

32、adersFollow Us on LinkedInBecome a Client Source:GartnerDrive security capabilities across the enterpriseSupporting groups outside the direct influence of the SRM leader to perform cybersecurity activities independently builds competence across the organization and allows SRM teams to focus on highe

33、r-value activities.Initiating a cybersecurity mesh strategy will help strengthen the security of integrated systems and protect access,configuration and data no matter where assets are located.123ActionEmpower delivery teams to self-certify applications for release through the QP Express program.Use

34、 group trust scoring to identify teams that are capable of executing cybersecurity activities.Initiate your cybersecurity mesh strategy:Assess maturity of currently deployed tools.Survey your teams ability to integrate.Determine a reasonable level of investment.Decide how to build with a mix of prop

35、rietary integrations and open standards,a consolidated platform,layered composable products or a combined approach.Recommended Next StepsTable StakesCIOCEOHead of SalesCDOBusiness Unit LeadersBoard of DirectionsChief Marketing OfficerCHROExternal AuditCFOHead of CommunicationsHead of ApplicationsHea

36、d of InfrastructureHead of Project ManagementValueValueCISOLeadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders9Gartner for Cybersecurity LeadersFollow Us on LinkedInBecome a Client Explore these additional complimentary resources and tools for security lead

37、ers:Already a client?Get access to even more resources in your client portal.Log InActionable,objective insightToolIT Score for Security and Risk ManagementGain perspective on your highest-priority activities.Learn MoreRoadmapThe IT Roadmap for CybersecurityCreate a resilient,scalable and agile cybe

38、rsecurity strategy.Download RoadmapeBook3 Must-Haves in Your Cybersecurity Incident Response PlanImprove your organizations ability to prepare for an incident.Download NoweBookFour Facets of Effective CISO LeadershipDiscover how best-in-class leaders tackle their expanding remit.Download Now10Advanc

39、e your 2023 IT strategy by attending a Gartner destination conference!In 2022,Gartner hosted 34 conferences with more than 46,000 business and technology professionals in attendance.Join forward-thinking leaders this year at conferences that accelerate learning,guide decision making and identify imp

40、ortant trends.Dont miss out.View the 2023 Conference Calendar today and find the conference thats right for you.Explore the Calendar 2023 Gartner,Inc.All rights reserved.Leadership Vision for 2023:Top 3 Strategic Priorities for Security and Risk Management Leaders11Gartner for Cybersecurity LeadersF

41、ollow Us on LinkedInBecome a Client 2023 Gartner,Inc.All rights reserved.CM_GTS_2107928Connect With UsGet actionable,objective insight to deliver on your mission-critical priorities.Our expert guidance and tools enable faster,smarter decisions and stronger performance.Contact us to become a client:U.S.:1 866 263 8917 International:+44(0)03301 628 476Become a ClientLearn more about Gartner for Cybersecurity Leaders connected to the latest insights