Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security.

In 2023, our recommendations fall into three major strategic themes for security leaders:

    1. Protect your organization.
    2. Protect your budget.
    3. Protect your team and yourself.

Protect Your Organization

In 2023, tech and security leaders need to work together to “Tame The Asset Management Beast” to make headway on one of the longest-running problems in all of technology: asset management and inventory. Our recommendation — and the aforementioned research — points out how asset management itself is changing as a result of requirements related to software bills of materials, vulnerability categorization, cloud adoption, and crypto-agility (our second recommendation in this category includes more on this topic in the full report).

Protect Your Budget

Security budgets will face more scrutiny than before due to macroeconomic conditions, but several externalities in the form of customer requirements, cyber insurance carriers, and regulatory requirements provide ample evidence for business cases to be incorporated into CISOs’ Tactics To Win Every Budget Battle. One area that will strain security budgets: cloud. Forrester expects the costs of securing cloud workloads to increase by 8% to 13% in the next 18–24 months, while cloud adoption also continues to rise. Coordinating between on-premises and cloud technologies and leveraging automation (our third recommendation in this category in the full report) can help offset these increases.

Protect Your Team And Yourself

Security leaders spent over a decade “managing up” and proving themselves as true members of the C-suite. The great news is that it paid off. More security leaders now report to CEOs than CIOs, a change that’s positive for security leaders and security programs. As members of the C-suite, CISOs make consequential decisions with enormous legal implications in jurisdictions that span the globe. As a result, our first recommendation to senior security leaders in this category: Lawyer up and retain your own counsel to protect yourself. Our second recommendation in this section involves protecting your team. With three years of anywhere-work slowly ending and mandates to return to the office, CISOs should plan an influence tour (travel expenses permitting) to reengage with their security team and the rest of the organization.

Top Security Recommendations: Behind The Scenes

So how do we develop our annual recommendations for CISOs? For an inside view of the research process: we conduct several brainstorming sessions based on the following inputs.

  • Engaging with clients. We include insights gleaned from inquiries, advisory, and guidance sessions with senior security, risk, and privacy leaders, as well as inquiries and advisory sessions with cybersecurity, risk, and privacy vendors.
  • Staying up to date on vendor activity. We take briefings from cybersecurity, risk, and privacy vendors to stay abreast of what the cybersecurity vendor community is doing.
  • Gaining detailed insights into competitive dynamics and markets. We conduct evaluative research such as vendor landscapes and Forrester Wave™ evaluations. These projects include questionnaires, demonstrations, client reference surveys, and client reference interviews.
  • Analyzing an enormous amount of data from decision-makers. Forrester runs three different surveys covering security, risk, and privacy, with over 7,500 respondents in total.

For more on these recommendations, check out the research here: Top Recommendations For Your Security Program, 2023. Forrester clients can also attend a webinar on March 21 at 1 p.m. ET, where we’ll dig into highlights from this report and our recently published 2023 downturn guide for CISOs.