Top 3 Areas of Focus for CISOs in 2023


Written by Laurel Hiestand

FEBRUARY 21, 2023

The scope and visibility of the CISO role have increased over the past several years. With cybersecurity attacks and data breaches happening in the public eye, there is a heightened need for executives at the highest levels to understand more about security and risks to their organizations. For the CISO, that means increased communications to C-suite peers and board members and an elevated position in the conversation about overall risk management. 

In addition, businesses are coming out of the pandemic – and steering around economic potholes – focused on growth. A key driver of growth is digital initiatives, and for CISOs, that means that they not only have to be vigilant about current threats, but must be mindful of future innovations in the organization that could expose new vulnerabilities. As Gartner notes in its Four Facets of Effective CISO Leadership, “Best-in-class cybersecurity leaders focus squarely on protecting and enabling enterprise priorities.” 

CISOs are a key business partner in helping organizations drive growth in a secure manner. They are still operating in a challenging environment, faced with advanced cybersecurity threats and the need to find and train skilled workers. Coupled with economic uncertainty and the ensuing pressure on resources, the role has never been more demanding. 

It’s important for CISOs to have a seat at the table while they focus on these three key areas in 2023: 
 

  1. Advancing the Business Value of Security

CISOs play a critical role in the enterprise task of risk management. It’s important for them to articulate risks in a way that is understandable and transparent – and provide metrics that quantify possible outcomes. In addition, if security leaders are provided the budget required to protect the organization, they also have to demonstrate that they are good stewards of that budget.
 

  2. Protecting Critical Infrastructure Against Advanced Attacks

The core function of a CISO has only gotten more complex. CISOs’ top priority is protecting an organization’s assets and infrastructure, and they will continue to leverage partnerships, automation and innovation wherever they can to counter evolving threats. They are also tasked with creating security awareness and best practices – and adoption – across the organization.
 

  3. Investing in Company Culture to Attract Talent and Empower Staff

CISOs have open security roles to fill, but even more challenging is that, as the threats change and evolve, so must the skills of cybersecurity workers. This year, CISOs will focus on attracting and upskilling cybersecurity talent, along with developing a culture that supports retention. As the Gartner report notes, CISOs need to look down the road and “pursue more future-forward talent strategies.”


The expanded role of the CISO is here to stay, and the high-risk, high-stress nature of cybersecurity is well-documented. This year, there are ongoing conversations in our Evanta CISO communities about workload, stress, mental health and well-being. The business of security means that CISOs will add elevated communications, risk management and digital business enablement to their plates. As these plates are increasingly full to overflowing, we will continue to offer ways to collaborate with peers on opportunities and challenges.

As Liz Banbury, CISO at Hiscox, said when asked about advice for new CISOs: “Keep calm, listen and find those who will support you. Having a support network, both internal and external, is really important.”

As our annual Leadership Perspective Survey responses come in, we are evaluating what CISOs are identifying as their mission-critical priorities for the year. To stay current on what your CISO peers are talking about and validate your strategies with theirs, join a CISO community near you, or check out our calendar for opportunities to get together in person and virtually.
 


Laurel Hiestand

Sr Director, Content at Evanta, a Gartner Company