Cybersecurity experts say Chief Information Security Officers (CISOs) need to take a new approach. They should focus on response and recovery as much as prevention. “CISOs manage more through adrenaline than intention, which is unsustainable,” said Dennis Xu, a VP analyst at a research firm.

“CISOs need to be resilient through intention, not adrenaline, if they want to survive.”

Experts recommend CISOs prioritize three areas:

1. Build cyber fault tolerance in the business. Focus on areas where prevention is weak, like AI and third parties.

Have playbooks ready for response and recovery. 2. Streamline to a minimum set of effective cyber tools.

CISOs often keep old tools too long while adding new ones too fast. This creates complexity.

New approach priorities for CISOs

“CISOs must break the ‘gear acquisition syndrome’ by using the fewest tools needed,” Xu said. 3. Build a resilient cyber workforce.

Many CISOs and teams have a “heroism mindset.” They try to avoid bad outcomes at all costs, even their health. This hurts innovation. CISOs should make it easy for employees to get support.

They should share failure and learning stories. And they should reduce burnout by automating tasks. “CISOs should guide partners to create contingency plans, including an exit strategy and incident response playbooks,” said Christopher Mixter, another VP analyst.

By taking these steps, CISOs can balance prevention with effective response and recovery. This will create a well-rounded, sustainable cybersecurity approach.