3 Key 2025 Imperatives for Security and Risk Management

Optimize cybersecurity programs for performance, resilience and agility.

Focus on evolution and agility for effective cybersecurity programs

Today’s chief information security officers (CISOs) are at the forefront of the evolution of the cybersecurity function from a protector of the enterprise to an enabler of secure digital transformation. However, security and risk management (SRM) leaders remain accountable for helping the enterprise balance the risks and benefits of emerging technology. Fifty-eight percent of boards would like to see their organization take more technology risk, despite 81% viewing cybersecurity as a business risk. This leaves CISOs in a challenging position.

In 2025, effective cybersecurity programs will focus on continuous improvement and adaptability to counter evolving cyberthreats.

Download the 2025 Security and Risk Management Leadership Vision

Learn more about CISOs’ top priorities and the actions needed to realize their value.

Enable transformation and embed resilience

Cybersecurity programs — and the SRM leaders who develop and oversee them — require a new focus on optimizing performance, resilience and agility.

Imperative No. 1 for SRM leaders: Optimize for performance

When cybersecurity programs are optimized for performance, they focus on continuous improvement in effectiveness and efficiency.

Accelerators can be quick wins, smart tactics or new directions, and tend to fall into one of four buckets:

  • Win differently — e.g., challenge the status quo approach to cybersecurity management.

  • Force multipliers — e.g., deploy a collaborative cyber-risk management process.

  • Banish drags — e.g., remove unnecessary or overly restrictive security controls.

  • Redirect resources — e.g., stop redundant security initiatives.

Imperative No. 2 for SRM leaders: Optimize for resilience

To optimize for resilience, improve the organization’s ability to resist, absorb, recover from and adapt to business disruption in an ever-changing and increasingly complex environment and threat landscape. To shift from protection to resilience, focus on:

  • Safeguarding what is most impactful versus protecting everything

  • Targeted and effective efforts versus more tools for the sake of more tools

  • Hiring and training for failure versus preventing disruptions

Imperative No. 3 for SRM leaders: Optimize for agility

Agile security teams rapidly reprioritize the projects and investments within the cybersecurity strategy and program. These programs must be robust enough to withstand both minor disruptions and major external shocks. Agile principles include:

  • Customer orientation

  • Adaptability

  • Empowered ownership

  • Collaboration

  • Continuous improvement

How these 2025 imperatives will impact cybersecurity programs

SRM leaders are wise to evaluate these imperatives to evolve existing cybersecurity programs. Each promises to enable organizations to better protect themselves in the current security landscape while opening up opportunities to benefit from new and emerging technologies.

Learn more about these imperatives and how they will impact cybersecurity programs in the 2025 Security and Risk Management Leadership Vision.

FAQs on 2025 trends for security and risk leaders

What is the main goal for security and risk management leaders in 2025?

Security and risk management (SRM) leaders are key enablers of digital business and are accountable for helping the enterprise balance the associated risks and benefits. By concentrating their cybersecurity strategy on three key imperatives — optimizing the program for performance, resilience and agility — they can better deliver on business outcomes.
How can CISOs create a better cybersecurity program in 2025?

Cybersecurity leaders are faced with continuously evolving technology and cyberthreats. Dealing with these challenges requires a dynamic cybersecurity program that ultimately enables transformation and embeds resilience while reflecting cybersecurity’s journey from being the protector of the enterprise to enabling secure digital transformation.