The Evolving Role of CISOs: A Report on Their Growing Influence in Business Strategy

The Rise of the CISO: Influencing Corporate Strategy

In a rapidly changing business landscape, Chief Information Security Officers (CISOs) have seen a remarkable transformation in their roles within organizations. According to the latest findings from the 2025 CISO Report released by Splunk in collaboration with Oxford Economics, a significant shift has occurred: more than 80% of CISOs now report directly to the CEO. This marks a dramatic increase from just 47% in 2023, reflecting the essential role cybersecurity plays in overall business success.

Increased Engagement with the Boardroom

The report reveals that 83% of CISOs are involved in board meetings frequently, highlighting their increasing say in strategic discussions. Interestingly, while 60% of them recognize that board members with a cybersecurity background have a more significant influence on decisions, only 29% report having such expertise represented on their boards. This discrepancy points to a critical gap in cybersecurity understanding that needs addressing as organizations prioritize digital resilience.

Michael Fanning, CISO at Splunk, emphasizes the importance of CISOs grasping business concepts beyond their IT frameworks. He states, "For CISOs, that means understanding the business beyond their IT environments and finding new ways to convey the ROI of security initiatives to their boards." This evolving relationship is fundamental as CISOs begin to act not just as security experts but also as vital contributors to business decisions.

Balancing Security and Business Needs

As the responsibilities of CISOs expand, the need for strong collaboration with various stakeholders becomes even more crucial. Shefali Mookencherry, CISO and Privacy Officer at the University of Illinois Chicago, points out the importance of integration across the board, calling for effective communication and teamwork within organizations. For CISOs, this means articulating the value of security investments and balancing the need for robust security protocols with the overarching business objectives.

The report also indicates that CISOs with healthy board relationships tend to foster better collaboration throughout the organization, especially with IT operations and engineering teams. These partnerships are crucial for implementing innovative security strategies, such as generative AI for enhanced threat detection and data analysis.

Bridging the Gap in Priorities

Despite signs of alignment between CISOs and boards on security priorities, gaps still persist. For instance, while 52% of CISOs view innovating with emerging technologies as essential, only 33% of board members share this view. Additionally, there's a stark discrepancy when it comes to upskilling employees: 51% of CISOs prioritize this compared to just 27% of board members. There's a clear expectation from boards for CISOs to adopt business leadership skills while the complexity of their roles continues to grow.

In terms of key performance indicators (KPIs), 79% of CISOs report substantial changes in measurement criteria over recent years. Interestingly, while attaining security milestones is seen as success by 46% of CISOs, only 19% of board members concur. This disconnect underscores the importance of establishing unified frameworks for evaluating security effectiveness.

Compliance Challenges and Budget Concerns

Maintaining compliance has never been more critical, yet only 15% of CISOs consider compliance status a top performance metric— a stark contrast to 45% of board members. Furthermore, many CISOs face pressure not to report compliance issues, with 21% stating they had been encouraged to conceal problems. This disconnect raises concerns about ethical standards and accountability within organizations, as 59% of CISOs are willing to act as whistleblowers if compliance is overlooked.

On the financial front, there's an ongoing challenge surrounding cybersecurity budgets. Only 29% of CISOs feel their budgets are adequate for achieving security goals, compared to 41% of board members. A staggering 64% of CISOs express concern over their ability to meet the current threats and regulatory expectations due to insufficient funds.

The report paints a concerning picture; 94% of CISOs have experienced disruptive cyberattacks, and 55% of these individuals report multiple attacks in recent years— a testimony to the pressing need for organizations to bolster their cybersecurity efforts.

Conclusion

The findings from the 2025 CISO Report serve as a crucial reminder for corporate leaders of the evolving landscape of cybersecurity. As CISOs gain more influence within the C-suite, establishing strong relationships and effective communication channels with their boards becomes essential. Organizations must prioritize bridging the gap in understanding and expertise between CISOs and their boards to achieve a comprehensive approach to digital resilience and security.