4 Highlights from CISOs on Change Management


Community Blog
Written by Laurel Hiestand

DECEMBER 23, 2024

CISOs’ top priorities this year included user access and identity access management, cloud security and measuring and communicating risk. Even though change management itself was not a top initiative, security leaders recognize the importance of managing internal change to achieve their objectives. From securing AI adoption to raising security awareness, security initiatives that impact the whole organization have a change management component to them.

Each year, we ask members of our communities about a trending topic, and recently, we surveyed them on change management. According to Gartner research, change management is no longer a one-time event for organizations, but an ongoing process, sometimes involving multiple changes at once. 

Given the importance of managing change when it comes to IT and security initiatives, we wondered if CISOs are involved in change management and how their companies are progressing at it. Here are four highlights based on more than 200 CISOs’ responses to our Community Pulse Survey on Change Management.
 

1. Involvement in change management initiatives

Seventy-one percent of CISOs report that they are currently working on an initiative that requires change management, and another 8% of security leaders say that they will be in the future. That leaves 21% of executives who are not undergoing any change management, the highest percentage not currently engaged in change management initiatives among the C-suite roles that we surveyed.


When we asked security leaders what kinds of initiatives required change management, they responded with digital transformation or digital platform consolidation, AI adoption, ERP implementation, and organizational restructuring, among others. 

One CISO indicated that they were implementing multiple changes at once, writing that their projects included “modernization of technology, revamping of financial reporting processes and systems, acquisitions, and new client growth initiatives.” 

When it comes to CISOs’ role in change management, 61% said they provide strategic direction, 52% report they engage and communicate with stakeholders, and 48% monitor and evaluate the progress of change initiatives. 
 

2. Factors in successful change management

In terms of the factors that impact the success of change management, 40% of CISOs believe that executive leadership or sponsorship is the most important. The next two biggest factors cited by security leaders were communications and providing context for change (22%) and employee engagement (20%). Investing resources in change management came in fourth with 14% of CISOs citing it as the top factor.


3. Confidence in change management capabilities

Overall, CISOs appear to be quite confident in their organizations’ change management capabilities, with 65% saying they are “somewhat confident,” and 31% reporting they are “very confident.” Only a small percentage of CISOs (5%) are not confident in their company’s ability to manage change.


4. Challenges in implementing change management

We also asked CISOs in our survey to tell us about the challenges in managing change, and their answers were wide-ranging. One security leader mentioned that their challenge is “balancing the need for proper due diligence against the timely implementation of changes.” Other executives responded about creating alignment across the organization, with one writing, “Driving consensus and/or aligning on the path forward.”

Other CISOs wrote about communications and prioritization challenges. One indicated that it was challenging to “manage change on top of our existing workload – often change just adds, but doesn't take away.”

With change an ongoing activity for leaders and organizations, some CISOs cited change fatigue as a challenge, as well. We asked how leaders can cope with it – here is a sample of their responses:

“Pace out the changes and communicate the need and the reason for the change.”

“Ensure the benefits are understood and offer support to those who need it.”

“Communicate constantly on the value proposition of the change.”

“By communicating the end goal clearly.”

“With a concrete and solid roadmap.”

“Limit and prioritize the changes.”


To see all of the findings from our recent Community Pulse Survey with CISOs, check out our infographic on Change Management.

Are you currently trying to implement an initiative that requires change management? Join your local Evanta CISO community to engage on this topic with your peers. Or, if you are already a member of a CISO community, check out MyEvanta to view upcoming opportunities to discuss this and other timely security topics for CISOs.
 

Laurel Hiestand

Sr Director, Content at Evanta, a Gartner Company