Thursday, February 20, 2025

Gartner: CISOs Face Challenges in Aligning Security with Business Goals

Security leaders around the globe are facing a tough challenge. They’re caught between securing their data and using it effectively to meet business goals. A recent Gartner study reveals that just 14% of cybersecurity leaders are managing this balance well.

Gartner surveyed 318 senior security leaders in the summer of 2024. Only 35% were confident in their ability to secure data assets, while 21% felt they could leverage data to drive business success. That means more than 80% are struggling to do both at once.

Nathan Parks, a senior research specialist at Gartner, highlighted the urgency of this issue. He pointed out that with such a low percentage of leaders achieving both security and business alignment, organizations risk increased exposure to cyber threats, regulatory fines, and operational hiccups. In short, they’re jeopardizing their competitive edge and trust with stakeholders.

To address these challenges, Gartner has put together a five-point checklist for security and risk leaders:

  1. Work Together on Policies: CISOs should collaborate with business users to create data security policies that everyone understands and supports.

  2. Align Governance Efforts: It’s crucial to partner with other departments to find overlaps that can improve security efforts.

  3. Clarify Non-Negotiables: Leaders need to clearly define critical cybersecurity requirements for dealing with unexpected security risks.

  4. Set Guardrails for GenAI: When it comes to generative AI, establishing clear guidelines for responsible experimentation is essential.

  5. Engage Analytics Teams: Collaborating with data and analytics teams can secure necessary buy-in from the board on data security initiatives.

Aligning security priorities with senior leadership is a common struggle in the boardroom, too. A separate study from Splunk showed that while CISOs are getting more seats at the boardroom table, there’s still a disconnect. For instance, 52% of CISOs prioritize innovating with emerging technologies like GenAI, but only 33% of their board counterparts feel the same way. There’s also a significant gap when it comes to upskilling cyber employees and contributing to revenue growth initiatives.

Despite these priorities, many CISOs feel underfunded. About 29% said their budgets were insufficient, while 41% of board members thought their security budgets were adequate. This disparity in perception underscores the ongoing disconnect between cybersecurity leaders and the broader business strategy.