9. Role (and stature) of security in the organization

Building a truly strong safety culture within their organization is another question that comes to mind for CISOs today – as has been the case for many years, according to several sources.

This remains a major concern because many find security remains in its own silo, often treated as an afterthought, says Theresa Lanowitz, chief evangelist for LevelBlue, a managed security services provider.

Too often, CTOs, CIOs and innovation teams don’t include security from the start of projects, she explains. And many CEOs, boards of directors and other leaders do not yet view security as a business tool or an essential part of the company’s work.

“Cybersecurity,” Lanowitz adds, “is still not part of the fabric.”

Lanowitz does, however, see improvements as more organizations adopt security by design principles and DevSecOps practices, and as more CISOs champion and adopt on an equal footing with other leaders.

“We’re seeing more and more organizations embrace security from the top down and view it as a business requirement and not just a technical issue,” says Lanowitz.

10. Achieve operational excellence

Aside from any issues that might arise from year to year, CISOs say they continue to focus on achieving operational excellence, always a difficult and complex task.

“While the foundations of a cybersecurity program remain relatively constant, protecting operations and data involves constant navigation of new technologies and dynamic threats,” says Cody. “Cybersecurity updates must integrate seamlessly with existing systems, which requires a deep, operational-level understanding of the business activities you are protecting and securing. Cybersecurity teams need to stay ahead of the curve and not catch up.