The CISO’s Perspective: Measuring & Communicating Risk

Community Blog
Written by Laurel Hiestand

APRIL 26, 2022

The top priority and investment areas for CISOs were recently posted from our Leadership Perspective Survey, and we are committed to continually updating our communities with new results as we get more responses. We’ve collected over 1,000 submissions from CISOs across the globe, so it’s time to take a deeper dive into their top priorities in 2022. 

For enterprise priorities, reducing risk maintains its spot as the top priority for C-Suite leaders.  Increasing operational efficiencies and productivity is a very close second, followed by driving growth as the third priority across the enterprise. 

Tied directly into the top enterprise priority, measuring and communicating risk is the second highest priority within the security function. It is also the fourth ranked planned spend area (Governance, Risk & Compliance) with 33% of CISOs indicating that they’ll invest this year.  As we continue our three-part series highlighting CISOs’ priorities and perspectives for 2022, let’s look at what the data is telling us. 

Why are security leaders so invested in measuring and communicating risk?

One CISO noted that “Current tools and frameworks don’t do a great job at capturing and translating organizational and enterprise risk.” Another CISO shared the challenge of capturing risk at an organizational level: ”The challenge is that you have risk at different tiers, and risk means something different for every team. How can we streamline our definition of risk and uncover its potential impact?”

Let’s dive a little deeper into the data and look at the top rated goals and challenges for measuring and communicating risk across Evanta’s CISO community.


As CISOs continue to tackle the challenges around measuring and communicating risk, they are sharing the obstacles that they’re facing this year. 


What technology and services are CISOs looking for to help navigate the complexity of measuring risk? CISOs in several communities indicated it was in their top area of investment in 2022.

Across all communities, 61% of CISOs who plan to spend on governance, risk & compliance also indicated an increase in budget for technology and services this year. And 77% of those security leaders also plan to invest in the next 12 months. 

Here is a snapshot of how our North American CISO communities have ranked their 2022 investments in GRC and the timelines for when they’re planning to invest.

Measuring and Communicating risk will be on the agenda at the below CISO Executive Summits this spring: 

Washington DC CISO Executive Summit on May 3rd

Dallas CISO Executive Summit on May 17th

St. Louis CISO Executive Summit on June 14th

There are always opportunities to discuss measuring and communicating risk with your CISO peers. See the upcoming gatherings across Evanta CISO communities here.

Laurel Hiestand headshot

Laurel Hiestand

Content Director at Evanta, a Gartner Company