2025年安全和风险管理的3个关键要求

Leadership Vision for 2025 Top 3 StrategicPriorities forSecurity and RiskManagementLeaders Introduction Cyber risk is now a ubiquitous concern across the boardroom. Key questions addressed At the same time, most nonexecutive board members believe thattaking on more technological risk is a key driver of shareholder value. What are themajor trendsfueling boardexpectations around cybersecurity andrisk management? Cybersecurity and risk management leaders find themselves in adelicate balancing act. To deliver on these competing priorities, theymust work together to define a cybersecurity strategy that not onlyaligns with the organization’s business requirements, but sets fortha cybersecurity vision rooted in performance, resilience and agility. How can cybersecurity and risk leadersdefine a visionfor optimal performance,agility and resilience? Use this research to help inform your 2025 investment planning,ensure your cybersecurity programs stay ahead of emerging threatsand achieve stronger gains on enterprise tech investments. What actions can these leaders take toaddress key imperatives for achievingtheir vision? 3 Trends Defining the Cybersecurity Landscape in 2025 There remains an appetite for technologyriskas the preferred method for deliveringshareholder value. The majority ofcorporate board members indicate they’dlike to see their organizations take morerisks when it comes to technology. Cybersecurity still dominates investmentplanning and remains the top focusfor CIOs. Eighty-seven percent oftechnology executives are planning toincrease funding toward cyber/informationsecurity initiatives in 2025. Cyber risk is a ubiquitous concernfor nonexecutive board members —a sentiment echoed by their executivecolleagues. More than 93% ofnonexecutive board members seecybersecurity threats as a threat toshareholder value. What’s more, 98%of respondents believe cyberthreatswill only grow over the next two years. How to Execute on the Vision 3 Priorities for Cybersecurity Leaders 01PRIORITY Optimize forperformance 02PRIORITY Optimize forresilience 03PRIORITY Optimize foragility Optimize forPerformancePRIORITY01 Performanceis the ability to drive continuous improvement inthe effectiveness and efficiency of the cybersecurity program. Cybersecurity program accelerators Optimize for Performance There are four pivotal actions security and riskmanagement leaders must consider to enhance theperformance of their cybersecurity programs. Assess capability and controls maturity, and execute onimprovement actions. These actions, while integral to cybersecurity strategy,primarily impact the execution layer of programs. Initiate a project to improve technology optimization. Explore use of AI to optimize cyber processes. Improve effectiveness through cyber staff well-being. Optimize forResiliencePRIORITY02 Resilienceis the ability to resist, absorb, recover and adapt tobusiness disruption in an ever-changing and increasingly complexenvironment and threat landscape to rebound and prosper. Optimize for Resilience There are four crucial actions that SRM leadersmust consider to optimize the resilience of theircybersecurity programs. Expand cybersecurity awareness to behavior and culture change. These actions should not only be integrated into thecybersecurity strategy plan but also significantly impactthe charter, terms of reference and governance layersof the cybersecurity programs. Establish business accountability for third-party cyber risks. Integrate cyberdeterence to improve cyber resilience. Implement cyber judgment. Optimize forAgilityPRIORITY03 Agilityis the ability to rapidly reprioritize the roadmaps andinvestments inherent in the cybersecurity strategy and program. Agile principles CollaborationEffectively partnerwithin and acrossteams. EmpoweredownershipEstablish trust anddelegate decisionmaking. ContinuousimprovementAdvance teamand organizationalcapabilities. Adaptability CustomerorientationFocus on customerneeds and outcomes. Respond flexibly toevolving factors andenvironments. Optimize for Agility There are four pivotal actions that SRM leaders shouldconsider when optimizing for agility. Change your security strategy to be more responsiveto changes in the operating environment. These actions should be seamlessly integrated into thecybersecurity strategy plan because they significantlyaffect the terms of reference and governance layers ofthe cybersecurity framework. Implement collaborative risk management. Adopt a liberalized policy management strategy. Reset your data security program. End-to-endsupport for CIOsand their teams Gartner for IT Executives Gartner Research BoardGartner Executive ProgramsGartner for CIOs Gartner for C-Level LeadersCISO/Security & Risk LeadersCDAO/Data & Analytics LeadersSoftware Engineering LeadersHead of Infrastructure & IT OperationsEnterprise IT Leaders+their teams Expert guidance and tools tomaximize success at every level Vali