In today’s unpredictable economic climate, chief information security officers (CISOs) face familiar — but intensified — challenges. From US government funding cuts to global geopolitical instability, organizations must operate in an environment that is more volatile than ever. Our latest Forrester report, Security Leaders: How To Thrive Through Volatility, provides actionable insights for CISOs to navigate these turbulent times. Here are a few of the key lessons and what they mean for you.

Optimize Costs Without Compromising Security

Prioritize customer-facing security initiatives: Economic volatility doesn’t mean that you should slash your security budget indiscriminately. Instead, focus on initiatives that directly affect your customers. According to Forrester’s Q4 Tech Pulse Survey, 2024, two-thirds of IT decision-makers say that customer requirements dictate their security plans. Cutting security spending now could hurt customer retention and harm your revenue, something that could take years to recover from. Defend your security budget by emphasizing the importance of customer-facing security measures such as DDoS protection and customer identity and access management (CIAM).

Leverage flexible pricing options: Renegotiating contracts with existing vendors can be challenging, but many security vendors now offer “flex” pricing options. These allow you to swap in and out of various products and services while maintaining a minimum annual spending commitment. This flexibility can help you adapt your spending to current needs without sacrificing security. CrowdStrike Falcon Flex and Trend Micro’s credit-based licensing are two examples of this flex pricing options.

Embrace Change Management

Be a visible change leader: In rapidly changing times, CISOs must provide stability and clarity. Effective change leaders follow a cadence of activities, including clarifying vision, resolving uncertainty, and celebrating successes. Build a strong foundation by addressing capabilities, culture, career paths, communication, and, where possible, transparency to reduce anxiety.

Foster continuous learning: Cultivate a culture of continuous learning to adapt quickly to new technologies and challenges. Provide time and resources for upskilling and promote practices that encourage process improvement. In addition, participate in peer discussions and forums with other CISOs and practitioners to gain insight into how other leaders and their teams are handling these issues.

Double Down On Enterprise Risk Management

Address insider threats: Focus on insider risk management, especially if your organization is undergoing reorganizations or layoffs. Protect sensitive intellectual property with strong identity and access management, data security, and insider risk controls.

Manage ecosystem risks: Your organization’s security depends on your partners’ practices. Document requirements, apply appropriate oversight, and link them to resilience. Navigate heightened protectionism and regulatory frameworks to ensure continued operations.

Conclusion

Navigating economic volatility requires flexibility, strategic spending, and a strong focus on risk management. By following the actionable advice in our report, CISOs can help their organizations thrive even in uncertain times. For a deeper dive into these strategies, read our full report, Security Leaders: How To Thrive Through Volatility.