NOVEMBER 29, 2022
CISOs have maintained their focus this year on protecting the enterprise, securing the cloud, and communicating risk, but security leaders are also business leaders. As such, they are involved in enterprise risk management and holistic business concerns. We wondered how security leaders were feeling about the economy and how it was impacting their planning for next year. Overall, despite economic factors, CISOs are focused on growing, innovating and protecting their organizations.
In our most recent pulse survey, we asked C-level executives across Evanta communities about current economic indicators and planning for 2023 in an uncertain economic environment. Here are 5 top-level takeaways from nearly 200 CISOs in our communities.
1. CISOs feel the impact of inflation, but it’s not holding business back.
When asked about current economic factors impacting their organizations, 70% of CISOs cited inflation, and 58% said global events, such as the pandemic or the war in Ukraine. These factors were followed closely by supply chain issues (57%) and expectations about an economic downtown (56%). Interestingly, CISOs cited global events at a slightly higher rate than most other roles in the C-suite – perhaps reflecting the global nature of their roles and the threats they are facing. One CISO commented when asked about what they are focused on for 2023: “Global stability – politically and economically, also energy instability due to the Russia-Ukraine conflict.”
Despite these economic headwinds, 61% of CISOs characterize their organization as “in growth mode.” Only 6% say that business is declining, and 33% report that business is not growing, but it is steady.
2. CISOs are investing in growth drivers and remaining steady in other areas.
We asked security leaders how the economy may impact their planned investments for 2023. They are planning to increase their spending in growth and innovation (57%) and product or service expansion (55%), suggesting that growth drivers remain a priority. Slightly more CISOs also report increasing investments in technology acquisition and expansion (45%) over keeping investments the same (40%).
When it comes to human capital, 52% of security leaders expect their investment to remain the same. While attracting and retaining talent is still a big issue in cybersecurity, it’s possible that they have invested in this area already and can’t constantly keep increasing their investments. One CISO said of their focus for next year: “Trying to retain the talent we have and weather the storm.” Vendor and supplier relationships is another area where most CISOs (62%) expect their investments to stay the same. Across the categories, relatively small percentages of CISOs report plans to decrease investments next year.
3. CISOs anticipate pressure to reduce spending.
As experienced business leaders, CISOs are anticipating what will be asked of them in terms of controlling costs. While they plan to increase or keep investments the same in key areas next year, 64% of CISOs report feeling the pressure to reduce costs and spending. More CISOs expect to face some pressures in 2023 than those who are experiencing them currently.
External and global factors may be influencing their expectations for next year. As two CISOs commented about their focus areas for next year, they are concerned about an “economic slowdown due to the economic outlook” and “economic stability based on world events.”
4. Despite the uncertainty, CISOs have a positive outlook.
Despite the pressures they cited, CISOs have a positive sentiment for 2023, with 47% of respondents reporting a somewhat positive or very positive economic outlook. Another 25% of security leaders say they are feeling neutral about it.
5. CISOs’ top-of-mind issues for 2023
We asked CISOs what is top of mind for them heading into 2023. The comments ranged from their own focus areas, such as “cloud security and data governance,” to overall business concerns, such as “Do more with less. Demonstrate business value.” Talent remains a theme for CISOs, as well. Here is a sample of their comments:
How to address the constant of chaos and change.”
Talent retention, leadership, and supporting my team through coaching.”
Uncertainty over the economic outlook and how this will impact our client base.”
Increase in fraud, cyber crime, malfeasance."
by CISOs, for CISOs
Find your local community and explore the benefits of becoming a member.