Introduction
The evolving role of Chief Information Security Officers (CISOs) within organizations highlights their increasing integration into executive leadership and their growing influence on strategic decisions. Despite this progress [5] [10], challenges remain [3] [5], particularly in aligning the perspectives and priorities of CISOs and board members regarding cybersecurity initiatives and resource allocation.
Description
CISOs are increasingly integrated into the C-suite [5], with 82% now reporting directly to the CEO [1] [3] [4] [5] [8], a significant rise from 47% in 2023 [2] [4] [5] [6] [7] [10]. Additionally, 83% of CISOs participate frequently in board meetings [2] [5] [6] [7], underscoring their growing influence in budget and policy discussions [5], as well as the boards’ enhanced understanding of the organization’s security posture [5]. However, only 29% of boards include a member with cybersecurity expertise [1] [3] [9], which affects decision-making [3] [9]. While 60% of CISOs acknowledge that such members influence security decisions [1] [4] [8], only 29% feel they receive adequate budgets for cybersecurity initiatives [2] [6] [7] [9], raising concerns about the effectiveness of organizational protection [5]. In contrast, 41% of board members believe their cybersecurity budgets are sufficient [2], indicating a disconnect between the two groups. This discrepancy is reflected in the experiences of CISOs [10], many of whom have had to make budget-related cutbacks, including delaying security updates (52%) [2], reducing security solutions to save on licensing (50%) [2], and freezing promotions and hiring (40%) [2]. Notably, 94% of CISOs report experiencing disruptive cyberattacks [3], further highlighting the impact of these budget constraints.
Despite the increased involvement of CISOs, 55% of board members believe CISOs should enhance their business acumen, compared to 40% of CISOs who feel the same [10]. Emotional intelligence and communication skills are also areas of concern [10], with 45% of board members emphasizing the need for improvement in emotional intelligence versus 35% of CISOs [10], and 52% prioritizing communication skills compared to 47% of CISOs [10]. Additionally, knowledge of regulation and compliance is seen as important, with 44% of board members valuing it compared to 57% of CISOs. CISOs are expected to develop new business leadership skills [4], with 53% reporting that their responsibilities have become more complex [4] [6].
Many CISOs express concern about their ability to protect the organization [9], emphasizing the impact of reduced resources and tools on security measures. Strong collaboration and communication across departments are essential for CISOs to balance security needs with business objectives [1]. CISOs with healthy relationships with board members report better alignment with board priorities (86% vs. 59%), greater success in securing budgets (69% vs. 57%) [5], and a superior understanding of cybersecurity issues (62% vs. 46%) [5]. However, there is a notable disparity in perceptions between CISOs and board members regarding their relationship; 61% of CISOs rate their relationship with the board as very good to excellent [2], whereas only 43% of board members share this positive view [2]. Boards tend to prioritize business growth (44%) over security growth (34%) [2], indicating a preference for funding cybersecurity initiatives that demonstrate clear value to the organization [2].
To bridge the gap between CISOs and board members [10], education on cybersecurity for boards and positioning security as a business enabler for CISOs is essential [10]. CISOs need to articulate the return on investment (ROI) of security initiatives and understand the broader business context. Boards that include a CISO member report significantly better outcomes in setting strategic cybersecurity goals [1], communicating progress [1] [6], and budgeting effectively [1], with 80% of such boards noting effective collaboration. Board members should foster a security-first culture and engage CISOs as key stakeholders in enterprise risk and governance decisions [10].
Despite closer alignment on security priorities [1] [6], gaps remain between CISOs and boards [1] [3] [5] [6], particularly regarding innovation with emerging technologies and upskilling security employees [1] [3] [6] [7]. While there is agreement on core cybersecurity key performance indicators (KPIs), 79% of CISOs report that these KPIs have changed significantly in recent years [1]. A notable difference exists in how success is measured [1], with 46% of CISOs viewing the attainment of security milestones as indicative of success [1] [8], compared to only 19% of board members [1] [4] [8]. Additionally, there is a disconnect regarding the importance of compliance [7], with only 15% of CISOs ranking it as a top performance metric compared to 45% of board members [6] [7] [9].
The insights presented reflect the evolving role of CISOs and their relationship with boards, emphasizing the importance of collaboration to achieve mutual goals and enhance organizational security [5]. The need for CISO education on business operations and the importance of understanding the language of the business is critical for fostering effective communication and collaboration.
Conclusion
The integration of CISOs into executive leadership roles marks a significant advancement in organizational security strategy. However, the disparity in perspectives between CISOs and board members on budget allocation, skill development, and performance metrics poses challenges. To mitigate these issues, fostering a security-first culture [1] [3] [6] [7] [10], enhancing communication [1] [3] [6] [7] [9] [10], and aligning security initiatives with business objectives are crucial. As the cybersecurity landscape continues to evolve, organizations must prioritize collaboration and education to ensure robust protection against emerging threats.
References
[1] https://www.splunk.com/enus/newsroom/press-releases/2025/splunk-report-cisos-gain-influence-in-the-c-suite-and-boardrooms-worldwide.html
[2] https://betanews.com/2025/01/23/cisos-get-more-time-in-the-boardroom-but-struggle-with-budgets/
[3] https://cioinfluence.com/security/splunk-report-cisos-gain-influence-in-the-c-suite-and-boardrooms-worldwide/
[4] https://inforchannel.com.br/2025/01/23/cresce-a-influencia-do-ciso-no-board-das-empresas-aponta-estudo-da-splunk/
[5] https://www.splunk.com/enus/blog/leadership/the-power-of-partnerships-between-cisos-and-their-boards.html
[6] https://ai-techpark.com/cisos-gain-influence-in-the-c-suite-and-boardrooms-worldwide-splunk/
[7] https://www.prnewswire.com/news-releases/splunk-report-cisos-gain-influence-in-the-c-suite-and-boardrooms-worldwide-302357998.html
[8] https://www.securityinfowatch.com/security-executives/press-release/55263064/splunk-cisos-gain-influence-in-the-c-suite-and-boardrooms-worldwide
[9] https://finance.yahoo.com/news/splunk-report-cisos-gain-influence-130000896.html
[10] https://www.infosecurity-magazine.com/news/cisos-increase-boardroom-influence/
