2022 CISO Priorities Flashcard: Remote Workforce Remains Top Concern

We polled over 300 CISOs from across the Americas on the cybersecurity challenges they're prioritizing in 2022. Gain insight into the key projects, emerging priorities, and deprioritized secondary initiatives—despite high risks.
CISO priorities 2022 cybersecurity priorities infographic

Table of Contents

For the second year running, we polled CISOs and cybersecurity leaders on the projects they consider most urgent and compiled their answers in our 2022 CISO Priorities Flashcard. Among the many initiatives available for their consideration, here are some of the highlights. To see the infographics themselves, skip ahead.

The Remote Workforce

As businesses went remote in 2019, cybersecurity teams scrambled to secure users who left the security of the perimeter by going remote. Consequently, in 2021 94% of CISOs noted securing their remote workforce an “absolute priority” or “priority”. In 2022, the response is more muted from U.S. CISOs. 78% of CISOs regard securing the remote workforce as a priority, making it the top priority for the second year running.

While it can be assumed that CISOs addressed the initial impact of those cohorts starting to work from home, remote workers remain an ongoing concern. Under hybrid work models devices moving in and out of perimeter defenses represent new challenges and vulnerabilities.

Facilitating Proficient Day-to-Day Cybersecurity Operations

In 2022, many top priorities concern the ease of cybersecurity operations. Automating threat detection and response (78%) and unifying threat visibility across all assets (62%) are some of our respondents’ top priorities. These measures indicate that tools that make the SOC team’s work more automated and more efficient are getting precedence. 

Demand for cybersecurity talent is only increasing. Efforts that help operators with their daily tasks not only make the most of an expensive resource but improve staff retention.

The Cybersecurity Big Picture

Improving the cybersecurity posture as a whole is at the forefront of CISOs’ minds. Enhancing cybersecurity testing beyond penetration testing (63%) and measuring the effectiveness of the cybersecurity ecosystem (62%) are being prioritized in 2022. With so many tools, projects, and methodologies to choose from, subjectively testing the system and its components is key. CISOs are looking to spend their budgets intelligently and get evidence of their performance that they can take back to their board. 

Supply Chain Surprise

In 2021, supply chain attacks dominated the headlines, with the Kaseya and SolarWinds attacks at the forefront. Sophisticated attackers are looking to exploit vulnerabilities in pipelines and packages (such as log4j) to compromise organizations lower down in the supply chain. That’s why we were surprised that only 49% of cybersecurity leaders consider supply chain risk assessment a priority. In an ideal world, this should be a key component of any organization’s due diligence practices.

The SOC Team Is Here to Stay

CISOs are least interested in outsourcing cybersecurity operations (17%). Smaller businesses without a CISO or cybersecurity staff might acquire the help of a 3rd party. However, organizations with mature information security stacks recognize the reality that cybersecurity is not just bought but operated. CISOs are committed to the constant measurement and improvement of their cybersecurity operations.

The complete 2022 U.S. and Canada CISO Priorities Flashcard is freely available for download. You can also explore the—slightly different—priorities of Latin American CISOs in the Latam and Brazilian versions of the flashcard.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post


ransomware flashcard 2022

Ransomware Flashcard 2022: The Vicious Cycle

Reading Time: 3 mins Trends from 2021 indicate that 2022 will see an increased threat of ransomware on a global level. Here are some insights and background information to accompany the facts and figures provided by our Ransomware Flashcard 2022.


Lessons from (Another) Florida Ransomware Attack

Reading Time: 4 mins The $40 million attack on the Broward County public school district is an example of how ransomware attacks are evolving. Here’s what you can do to protect your organization.