Top 8 Trends for CISOs in 2023


Written by Laurel Hiestand

APRIL 25, 2023

As the senior director of content for our CISO communities, this is my favorite time of year – it’s when we analyze survey input from thousands of CISOs involved in our communities about their interests, priorities, and goals for the year. We add feedback from hundreds of conversations to that data and use all of that information to plan the most relevant, compelling sessions for our upcoming Executive Summits. 

Our ‘by CISOs, for CISOs’ model ensures that community members have direct input on the content, and as someone working to provide the most compelling experiences for CISOs, I think it’s important that they help drive the conversations.

We also take the opportunity with our annual survey to observe year-over-year trends that we’re seeing among our community members. We’ve heard from 1,100+ CISOs in 2023, and below are some top-level observations about their business priorities, functional priorities and planned investment areas.

Perhaps due to the uncertainty in the economy coming into this year, CISOs have elevated operational efficiencies and optimizing budgets as enterprise initiatives.

  1. Increasing Operational Efficiencies and Productivity moved up from #3 to #2, and Optimizing or Reducing Costs jumped up into the top five from #9 last year – suggesting that CISOs are feeling some economic pressures and keeping an eye on their resources.
  2. Reducing Risk is the #1 enterprise priority for CISOs for the third year in a row. This is no surprise given their role and the increased threats they’ve faced for the past few years. 
  3. Driving Growth dropped down from #2 to #4 in 2023, as a result of the increased focus on efficiencies and costs, but still remains a top-five enterprise priority. 
     

These are CISOs’ top five priorities for their function – and how they have shifted – over the past three years.


4. Incident Response/Ransomware – a new answer choice this year, added due to overwhelming feedback that it was missing from the topic list – jumped into the top five in its first year on the survey, coming in at #5. This likely reflects CISOs’ need to handle ongoing and new threats and ransomware attacks as the reality of their roles today.

5. Cloud Security, Strategy & Architecture remains the #1 priority for the second year in a row. Executives report that many of their organizations are still on a cloud journey or continuing to determine which functions should be in the cloud.

6. User Access/IAM/Zero Trust came in at #2, up from #4 last year, and was not even in the top five in 2021. This speaks to the expanded attack surface that CISOs have to manage with hybrid and remote workforces and the various technologies implemented to support them.

The major functional priorities for CISOs are reflected in how they plan to allocate their resources this year – with IAM/Multi-factor authentication and Cloud security/CASB tied for the top spot.


7. Equal percentages of CISOs – 41% – report they will invest in IAM/Multi-factor authentication and in cloud security, with these two areas remaining tied for the top spot throughout the survey analysis.

8. 39% of CISOs identified data loss prevention as an investment priority, and the top five spending areas have fairly close numbers of CISOs selecting them.

Without question, CISOs are focused on protecting the enterprise from risks. In 2023, they are increasingly focused on the business aspects of their role – helping to enable their organizations to drive growth securely, find operational efficiencies and thoughtfully manage resources. The CISO role continues to reach beyond security into securely enabling the business.  

You can see a more complete view of the survey results here, or check out our calendar for opportunities to join a conversation with your CISO peers. 
 


Laurel Hiestand

Sr Director, Content at Evanta, a Gartner Company