June 21, 2022
Contributor: Lori Perri
CISOs worry about major security incidents and believe their tenure at the organization will be threatened should they occur. In reality, however, they are primarily judged by their response to a breach.
In short:
You may worry that major security breach incidents threaten your job and be tempted to focus on short-term priorities over longer-term initiatives. In reality, most CISOs experience a major breach during their careers, but they are more often judged on the effectiveness of their incident response than on the fact that the breach occurred.
In the rare case that a CISO is terminated for a breach, it is unlikely they did the due diligence in their preparation and response plans to adequately mitigate harm to the business.
By focusing your time and attention on your preparation and response, you can increase your overall effectiveness and better meet the expectations of your board, CEO and C-suite peers.
“Our research shows that CISOs’ tenure is directly determined by circumstances they can — rather than can’t — control. Embrace this ideal reality and strike a proper balance between both short-term and long-term goals by using proper goal and project portfolio prioritization,” says Josh Murphy, Senior Principal, Research, Gartner.
When a CISO leaves an organization after a major breach, it can be for several reasons, many of which can be career-enhancing. A major breach might cause you to want to work in a new industry or with a new technology. The initial stress of recovering from the breach could also encourage you to reflect on your work-life balance and make professional adjustments to accommodate a more personally sustainable lifestyle.
You should feel secure in your role if you have taken the proper steps to prepare for a major breach. There has never been a time when businesses have valued their CISOs more than they do now.
You are prepared for a breach when you have implemented the necessary response plan, one that sufficiently mitigates harm to the business. By being mindful of what you can control and focusing on preparation and response, you can heighten your company’s overall security awareness, create an opportunity to test and improve response plans, and drive behavior change.