Gartner identifies three steps for security & risk leaders to lead from an offensive position
To respond to an ever-changing threat landscape and increase impact among executive leadership, security and risk leaders should take a three-step approach to shift from a defensive to an offensive leadership position, according to Gartner, Inc.
“This is a time of extraordinarily high visibility for security leadership. By embracing an offensive mindset, security leaders have an opportunity to permanently shift their role from a service provider to a coach who provides critical strategy and guidance to support business value creation,” said Tina Nunno, Distinguished Research Vice President and Gartner Fellow.
During the Opening Keynote of the Gartner Security & Risk Management Summit India, which is taking place virtually through Tuesday, Nunno identified three steps for security and risk leaders to shift from a defensive to an offensive leadership approach.
Fifty-seven per cent of respondents in a recent Gartner survey said that Covid-19 has resulted in the CIO, CEO and other senior stakeholders becoming better educated on the value of security and risk management. To maintain this momentum, security leaders must identify whether they are acting defensively or offensively and reposition their personal leadership towards the latter.
“CISOs who find themselves frequently apologising or explaining security incidents are likely taking a defensive stance, which often results in security being siloed into a service provider role. Offensive-minded security leaders instead focus on innovation, forward-looking strategy and the role of security in supporting digital transformation, helping cement their position as critical business partners,” said Nunno.
Gartner research showed that top-performing enterprises embrace distributed accountability for digital outcomes. Security and risk leaders can improve outcomes by assigning security responsibilities to stakeholders across the enterprise, including line-of-business leaders, executive leadership and third-party vendors.
“Responsibility for securing the enterprise goes beyond just the security team. Transparent, proactive communication across the organisation will help security leaders promote distributed accountability and ensure that stakeholders are delivering on necessary outcomes,” added Nunno.
Gartner predicts that by 2024, 60 per cent of CISOs will establish critical partnerships with key market-facing executives in sales, finance and marketing, up from less than 20 per cent today. Such partnerships will be essential for enabling security and risk leadership to systematise approaches to enterprise security across functions.
Gartner research has found that enterprises are looking to increase their risk appetite into 2022. In this heightened risk environment, an offensive security approach will guide the enterprise through the resulting volatility and digital uncertainties.
“Boards and executives are generally focused on revenue, cost and risk. Security leaders can coach business stakeholders through security-related decisions by framing them around these three areas, helping determine what trade-offs the business is willing to make,” commented Nunno.
