Before each Innovate Cybersecurity Summit, we ask every attending CISO and cybersecurity executive to name their top three active security initiatives. No categories, no vendor influence, no leading questions. Just where their attention and resources are directed. As we head into Marco Island this weekend, that data from more than 250 cybersecurity executives surveyed at our summits in the last six months tells a clear story about what is on the minds of our CISO and executive community as they walk into the JW Marriott Marco Island Resort.
Here are the five conversations we expect to define the room:
1. AI Security & Governance
Among Marco Island attendees, 22% of all submitted initiatives fell under AI security or governance, up from 17% at our Scottsdale summit just six months ago.
The conversation has moved past awareness. CISOs are now building governance frameworks, hardening AI-integrated systems, and preparing defenses against adversaries already exploiting AI offensively. Agentic AI has emerged as a distinct and urgent sub-priority that most security programs are not yet equipped to address.
2. Identity & Access Management
Identity accounts for 12% of all initiatives across both summits—persistent, foundational, and still unresolved.
The language has evolved: alongside traditional IAM and PAM, CISOs are now naming non-human identity management, identity governance modernization, and identity threat detection as active priorities.
Every AI agent deployed, every automated workflow scaled, every cloud environment expanded creates new identity exposure. The attack surface is widening faster than most programs are maturing.
3. Data Security & Protection
At 11% of all initiatives, data security remains a chronic priority. DLP and broad data protection account for nearly three-quarters of mentions in this category, and the core challenge of knowing where sensitive data lives and preventing unauthorized movement is still unsolved for most organizations.
DSPM is gaining traction as a more architectural answer to that problem. As AI systems ingest and generate sensitive data at scale, this category and the AI conversation are increasingly converging.
4. Security Operations & Automation
Nine percent of initiatives pointed to SecOps modernization, spanning SOC maturity, SIEM transitions, incident response readiness, and automation investment.
The staffing math is not working for most teams, and CISOs are responding by rebuilding operations around efficiency rather than headcount.
Several Marco Island attendees cited active SIEM replacement projects, a signal that meaningful tooling disruption is underway in this space. The consistent theme across all of it is getting more out of the program that exists, not the one that was budgeted.
5. Compliance & GRC
Compliance and governance round out the top five at 8%, driven by CMMC, NIST CSF 2.0, and a broader push toward risk quantification over checkbox compliance.
Notably, 35% of GRC-related initiatives fell specifically under risk management, indicating CISOs are focused on prioritizing risk intelligently rather than satisfying auditors. GRC platform modernization is also an active project for a meaningful share of attendees, suggesting the tooling behind these programs is being actively reassessed.
These are the conversations our community has told us matter most. The data set the agenda, and we are looking forward to the conversations, debates, and collaboration that only happen in person. The question we’re most curious to see the room wrestle with is this: as AI reshapes identity, data, and operations simultaneously, are security programs being rebuilt around that reality? Or just patched on top of it? Stay tuned for post-summit data and insights from Marco Island.
Initiative data drawn from 250+ CISOs and senior security executives surveyed across Innovate Cybersecurity Summits in the last six months. The conversation continues this weekend in Marco Island, Florida, April 19-21.
View live summit updates on Innovate Cybersecurity’s LinkedIn.
Learn more about Innovate Cybersecurity Summit.