8 Trends for CISOs in 2024

Around this time each year, we get feedback from CISOs who are members of Evanta communities around the world via our annual Leadership Perspective Survey. I always get excited to see the results and dive into the feedback on their top concerns, challenges and priorities for the year.

We use this invaluable information to build our sessions and discussion topics for upcoming CISO community gatherings. That way, all of our content is driven ‘by CISOs, for CISOs,’ fulfilling our Evanta promise.

Recently, we wrote about the top general focus areas for CISOs in 2024. Now that we have a robust set of survey data (more than 1,000 CISOs and counting), we are evaluating the specific changes and trends between this year’s data and past years’. Below are 8 top-level observations about CISOs’ functional priorities, enterprise priorities and planned investment areas.

These are CISOs’ top priorities for their security function – and how they have shifted – for the past three years.

1. User Access/IAM/Zero Trust came in at #1 in 2024, up from #2 last year, and taking the top spot from cloud security, strategy and architecture for the first time in 2 years. This speaks to the expanded attack surface that CISOs continue to manage with hybrid and remote workforces and the various tools and technologies implemented to support them.

2. Generative & Traditional AI is a new answer selection this year – and immediately jumped into the top 5 priorities for CISOs, coming in at #5. Security leaders face high demand for AI implementation and want to harness the potential value of AI, but continue to focus on how to mitigate the risks.

3. Cloud Security, Strategy & Architecture remains an important initiative for CISOs, shifting only from #1 to #2 as a priority this year. Organizations continue to execute on their long-term cloud journeys, and CISOs help determine which functions operate in the cloud.

Even though executives face less economic uncertainty than last year, creating efficiencies and optimizing costs are still priorities for CISOs as they lead across the enterprise.

4. Increasing Operational Efficiencies and Productivity moved up to the top enterprise priority for CISOs, taking the place of Reducing Risk, which went from #1 to #2. This could potentially be related to the high demand for AI solutions and particularly for reducing redundant tasks, finding efficiencies and improving productivity with AI.

5. Optimizing or Reducing Costs dropped slightly from #3 last year to #4 this year. Interestingly, it still remains solidly in the top five, possibly reflecting the ongoing need to evaluate tools and demonstrate the ROI from security investments.

6. Increasing Revenue moved into the top five enterprise priorities for CISOs for the first time. This could reflect their overarching goal of creating closer alignment with the business to maximize the value and impact of their initiatives.

This year, 45% of CISOs report in the survey that their budgets for technology and services are the same as last year, and 38% of security executives plan to invest more than last year. The critical functional priorities for CISOs are reflected in how they plan to invest their resources this year – with IAM/Multi-Factor Authentication/Zero Trust topping the list.

7. 44% of CISOs plan to invest in the area of IAM/MFA/Zero Trust, followed by 37% who say they will spend on Generative & Traditional AI tools and solutions.

8. Almost equal percentages of CISOs – 34%, 34% and 33%, respectively – report they will invest in Governance, Risk & Compliance, Cloud Security/CASB and Data Loss Prevention this year.

In addition to these 8 trends, CISOs are focused on regulation and privacy in 2024. Last year, the Securities & Exchange Commission adopted rules requiring public companies to disclose material cybersecurity incidents they experience, and we will continue to have conversations about how CISOs can meet this requirement. 

To stay fully up-to-date on key topics and priorities for CISOs, join a CISO community. If you are already a member of an Evanta CISO community, check out MyEvanta to view upcoming opportunities to collaborate in person and virtually with your CISO peers.