Gartner Identifies Three Steps for Security and Risk Leaders to Lead from an Offensive Position

Analysts Explore How Security Leaders Can Increase Their Executive Impact at the Gartner Security & Risk Management Summit Middle East, February 14-15

DUBAI, UAE, February 14, 2022 — To respond to an ever-changing threat landscape and increase impact among executive leadership, security and risk leaders should take a three-step approach to shift from a defensive to an offensive leadership position, according to Gartner, Inc.

“This is a time of extraordinarily high visibility for security leadership,” said Tina Nunno, distinguished research vice president and Gartner Fellow. “By embracing an offensive mindset, security leaders have an opportunity to permanently shift their role from a service provider to a coach who provides critical strategy and guidance to support business value creation.”

During the Opening Keynote of the Gartner Security & Risk Management Summit Middle East, which is taking place virtually through Tuesday, Nunno identified three steps for security and risk leaders to shift from a defensive to an offensive leadership approach.

Strengthen Your Personal Leadership Approach

Fifty-seven percent of respondents in a recent Gartner survey* said that COVID-19 has resulted in the CIO, CEO and other senior stakeholders becoming better educated on the value of security and risk management. To maintain this momentum, security leaders must identify whether they are acting defensively or offensively and reposition their personal leadership towards the latter.

“CISOs who find themselves frequently apologizing or explaining security incidents are likely taking a defensive stance, which often results in security being siloed into a service provider role,” said Nunno. “Offensive-minded security leaders instead focus on innovation, forward-looking strategy and the role of security in supporting digital transformation, helping cement their position as critical business partners.”

Systematize Offense for the Team

Gartner research showed that top-performing enterprises embrace distributed accountability for digital outcomes. Security and risk leaders can improve outcomes by assigning security responsibilities to stakeholders across the enterprise, including line-of-business leaders, executive leadership and third-party vendors.

“Responsibility for securing the enterprise goes beyond just the security team,” said Nunno. “Transparent, proactive communication across the organization will help security leaders promote distributed accountability and ensure that stakeholders are delivering on necessary outcomes.”

Gartner predicts that by 2024, 60% of CISOs will establish critical partnerships with key market-facing executives in sales, finance and marketing, up from less than 20% today. Such partnerships will be essential for enabling security and risk leadership to systematize approaches to enterprise security across functions.

Coach the Enterprise Through New Digital Risks

Gartner research has found that enterprises are looking to increase their risk appetite into 2022. In this heightened risk environment, an offensive security approach will guide the enterprise through the resulting volatility and digital uncertainties.

“Boards and executives are generally focused on revenue, cost and risk. Security leaders can coach business stakeholders through security-related decisions by framing them around these three areas, helping determine what trade-offs the business is willing to make,” said Nunno.

Note for Editors:

*The 2021 Gartner Global Security and Risk Management Governance Survey was conducted between April and May 2021 among 615 respondents across North America, EMEA, APAC and Latin America at organizations with at least 100 employees and $50 million in total annual revenue.

Learn about the top priorities for security leaders in 2022 in the 2022 Leadership Vision for Security & Risk Management Leaders.

About the Gartner Security & Risk Management Summit

The Gartner Security and Risk Management Summit 2022 provides analysis on the latest security trends and how to manage risk and build resiliency. Follow news coming from the conference on the Gartner Newsroom and on Twitter using #GartnerSEC.

Upcoming dates and locations for the Gartner Security & Risk Management Summit include:

March 7-8 in India

June 7-10 in National Harbor, MD

June 21-22 in Sydney

July 25-27 in Tokyo

September 12-14 in London

About the Gartner Information Technology Practice

Gartner for Information Technology Executives provides actionable, objective insight to CIOs and IT leaders to help them drive their organizations through digital transformation and lead business growth. Additional information is available at

Follow news and updates from Gartner for IT Executives on Twitter and LinkedIn. Visit the IT Newsroom for more information and insights.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission critical priorities. To learn more, visit

# # #
