4 Key Insights from CISOs on Managing Organizational Change

In today’s fast-paced digital landscape, IT and security initiatives are evolving rapidly, from AI adoption to cloud security. While managing internal change isn’t always a top priority for Chief Information Security Officers (CISOs), it plays a critical role in achieving broader security goals. Change management is no longer a one-time event but an ongoing process, often requiring multiple adjustments at once. Whether it’s about securing AI adoption or driving security awareness across the organization, change management is a fundamental part of ensuring the success of any large-scale initiative.

In a recent survey of 200 CISOs as part of a Community Pulse Survey to better understand how security leaders view and manage change within their organizations. Here are the four most important takeaways from the responses.

1. CISOs Are Actively Involved in Change Management Initiatives

A significant 71% of CISOs reported that they are currently involved in initiatives requiring change management, with another 8% planning to engage in such efforts in the future. However, 21% of CISOs indicated that they are not currently working on any change management initiatives, which is the highest percentage compared to other C-suite roles surveyed.

When asked what types of initiatives require change management, responses varied widely, including digital transformation, AI adoption, ERP implementation, and organizational restructuring. One CISO shared that their organization was managing multiple changes simultaneously, including technology modernization, revamping financial reporting, and managing new client growth and acquisitions.

Regarding the role of CISOs in these processes, 61% indicated they provide strategic direction, 52% communicate and engage with stakeholders, and 48% monitor and evaluate the progress of change management efforts.

2. What Drives Successful Change Management?

When it comes to the factors that determine the success of change management initiatives, the majority of CISOs agreed that executive leadership or sponsorship is paramount, with 40% identifying it as the top factor. Close behind were strong communications and providing context for change (22%), followed by employee engagement (20%). Although a minority, 14% of CISOs also highlighted the importance of investing adequate resources in change management as a critical success factor.

These insights underscore the importance of leadership, transparency, and employee buy-in when navigating the challenges of organizational transformation.

3. CISOs Are Confident in Their Change Management Capabilities

Overall, CISOs express a strong level of confidence in their organizations' ability to handle change. Sixty-five percent reported being “somewhat confident,” and 31% are “very confident.” Only 5% of respondents indicated they lacked confidence in their ability to manage change effectively. This high level of confidence suggests that while challenges exist, many CISOs feel prepared to tackle the complexities of change within their organizations.

4. Challenges in Implementing Effective Change Management

Despite their confidence, CISOs face several challenges when managing change. Some pointed to balancing the need for thorough due diligence with the pressure to implement changes promptly. Others highlighted the difficulty in aligning various departments and stakeholders, with one CISO mentioning the challenge of “driving consensus and aligning on the path forward.” Communications and prioritization were also cited as significant hurdles.

One key issue that emerged was "change fatigue." As organizations constantly adapt to new technologies and initiatives, employees may experience burnout. CISOs offered various strategies to cope with this challenge, including:

• “Pace out the changes and communicate the need and the reason for the change.”
• “Ensure the benefits are understood and offer support to those who need it.”
• “Constantly communicate the value proposition of the change.”
• “Provide a concrete and solid roadmap.”
• “Limit and prioritize the changes.”

These responses emphasize the importance of clear communication, providing support, and managing the pace of change to prevent burnout and ensure smooth transitions.

Managing change is a continuous and essential activity for today’s CISOs. By strategically overseeing the process and addressing common challenges, organizations can implement more successful IT and security initiatives that align with their long-term goals. Visit CISOMeet.org for more information.