Organizations with midlevel security awareness are more likely to be focused on streamlining compliance and privacy efforts, simplifying IT security infrastructure, improving management of third-party risks, and shortening incident response time, in addition to reducing spend, improving access control, and exploring MSSP options, Ross says.
Meanwhile, CISOs leading high-maturity organizations typically focus on improving their understanding of external threats and accelerating the use of AI to improve security effectiveness, Ross says. They’re also looking to do a better job leveraging data and analytics for security purposes, and they’re assuming responsibility for risks presented by both operational technology and IT systems. At the same time, they continue to focus on doing better at the fundamentals, such as improving third-party risk management.
To be sure, Ross adds, some priorities — such as ensuring the ability to identify an attack and shorten response times — are universal. “Those are perennial priorities, because they’re critically important to the business and continuing operations,” he says.
Assigning accountability
There is, however, an emerging trend among top CISOs seeking to execute on their long list of perennial priorities, West Monroe’s Chaddock says.