More than two-thirds of top-performing chief information security officers (CISOs) dedicate recurring time for professional development, according to a new survey by Gartner. The 69% figure compares with just 36% of the bottom-performing CISOs who do so.

The survey of 227 CISOs was collected from 2020 through 2023 as part of a benchmark survey, with those scoring in the top one-third ranked as “top performers.” Gartner’s research identified five behaviors that significantly differentiated top-performing CISOs from bottom-performing ones. According to Gartner, these qualities were at least 1.5 times as prevalent in top performers.

For example, more than three-quarters of top-performing CISOs initiated conversations on evolving norms to stay ahead of threats, compared with just half of the bottom-performing CISOs.

Nearly two-thirds of the top performers (63%) proactively engage in securing emerging technologies like artificial intelligence (AI), machine learning (ML) and blockchain, compared with 38% of the bottom performers.

Top-performing CISOs also proactively engage with senior decision-makers by building relationships outside the context of projects (65%), and by collaborating to define enterprise risk appetite (67%). The most effective CISOs regularly meet with three times as many non-IT stakeholders such as the heads of sales, marketing or business unit leaders, according to Gartner.

“As the CISO role continues to rapidly evolve, it becomes even more critical for security and risk leaders to protect time for professional development,” said Chiara Girardi, senior principal, research at Gartner. “Developing new skills and knowledge as the role changes is essential to effectively serve as a strategic advisor to the business — the new CISO paradigm.”