Top 5 Focus Areas for CISOs in 2022

The results of the 2021 CISO Benchmark Survey indicate five areas ranked as key initiatives for the coming year.

As the retail and hospitality industry moves into 2022, what were once unprecedented times have become the new normal, and though many businesses face lingering challenges, the results of this year’s CISO Benchmark Survey also reveal a desire to invest in the digital future.

A majority of respondents across companies of all sizes, from small to enterprise, reported anticipating increases in both budget and number of full-time employees compared to 2021. For many, their 2022 budget is higher than it was pre-pandemic, as companies continue to invest in the additional tools, technologies, and personnel needed to protect a broader attack surface.

With this in mind, there are a few areas CISOs identified as being key initiatives this year.

  1. Ransomware Resilience Planning: Ransomware is the most high-profile cybersecurity threat faced today, placing it front and center on the radar of CISOs and their executive leadership teams in 2022. Because ransomware attacks have the potential for far-reaching operational, financial, and reputational damage, ransomware planning is truly a company-wide initiative. Cybersecurity teams must continue to work closely with stakeholders within IT, and also across legal and communications departments, to establish plans for preventing, as well as responding to, a breach.
  2. Security for Hybrid Cloud/On-Prem Environments: A hybrid cloud combines on-premises servers with third-party public cloud services such as AWS or Microsoft Azure. Hybrid cloud systems are frequently being adopted because of the flexibility they give businesses to scale up operations affordably. However, because this hybrid model joins two different systems, securing it can be a challenge. CISOs are focused on working with IT counterparts to implement these systems securely and on ensuring that best practices are put in place to maintain security within these environments.
  3. Vulnerability Management: As the digital network expands, it is more important than ever to continuously identify, evaluate, prioritize, and mitigate vulnerabilities in the systems that businesses rely on. A proactive approach to security allows for appropriate prioritization of potential problems so that companies can allocate resources to mitigate risks before they are exploited.
  4. Zero-Trust Security Architecture: Zero trust is a framework that requires users to be authenticated, authorized, and continuously evaluated even when coming from within the organization’s perimeter. As companies continue to work from home and adopt hybrid cloud environments, zero-trust architecture is essential for identity and access management.
  5. Application Security: Application vulnerabilities remain one of the most commonly exploited external attack vectors. In today’s world of rapid release, security needs to be built into the application development process from the start, with investment in the appropriate tools throughout the life cycle of applications.
RH-ISAC members can learn more about staffing and budget allocation, key 2022 initiatives, and industry challenges in the full CISO Benchmark Report, available exclusively to members. Members also have access to a community of peers and a library of resources on Member Exchange to help their teams accomplish their 2022 initiatives.

Not a member? Learn more about how RH-ISAC membership can benefit you at