The CISO Business Leader: What’s Ahead for CISOs in 2022

Based on conversations with CISOs in our communities, we often take a moment to reflect on the evolving role of the CISO. We’ve written previously about changes to the CISO role as a result of the pandemic, including their increased influence at high levels of the organization while they secured a remote workforce and managed heightened threats. And, we’ve written about the non-stop, high-stress nature of the role (and the workload) and whether it can be sustained. 

This year, it seems that security leaders are well-established as an influential and critical part of the C-level leadership team. More and more, their roles involve broader risk management, even beyond cybersecurity, and they have to work collaboratively and cross-functionally to communicate about threats and risks to the entire workforce. 

As Electrolux CISO Robert Mungenast recently noted in another article, “The CISO role is rapidly moving away from the technical side of cybersecurity and into the realm of risk management and business enablement.” 

In addition, Gartner predicted in their Top Security and Risk Management trends for 2021 that “By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.” 

The importance of the CISO role, along with safeguarding the company reputation and the enterprise, will continue to be a thread throughout these three areas for focus for CISOs in 2022:

1. Supporting Business Agility with Risk-Based Programs

CISOs are tasked with enabling business leaders to make the right decisions and helping the enterprise balance the related risks and benefits. As organizations become more complex, CISOs have an opportunity to transform digital risk management into a competitive advantage.

1. Evaluating, Communicating and Responding to Evolving Threats

As the threat landscape continues to evolve, CISOs must take a proactive and adaptive approach to protect the organization from outside threats. CISOs continue to innovate and leverage automation to match and exceed the level of sophistication used by bad actors.

1. Building a Culture of Security to Enable Smart, Secure Decision-Making

With the increased adoption of remote and hybrid work, the cybersecurity mesh continues to expand. Security must be a high-priority for every employee, and CISOs must lead the charge to embed company culture with reliable security practices.

The expanded and visible role of the CISO is only likely to increase as the workforce and security threats remain distributed. As security leaders add broader risk management and business enablement capabilities to their plates, we will offer ways to collaborate on their new opportunities and challenges.

We will also fine tune what CISOs are focused on as we receive responses to our annual Leadership Perspective Survey. This critical feedback from the Evanta CISO community helps us to facilitate the most relevant and valuable discussions at our community events.