SINGAPORE, January 30, 2025 – A new global report by Splunk, in collaboration with Oxford Economics, highlights the growing influence of Chief Information Security Officers (CISOs) in corporate leadership and boardrooms worldwide. The 2025 CISO Report reveals that 82% of CISOs now report directly to their CEO, a significant rise from 47% in 2023. Additionally, 83% of CISOs frequently participate in board meetings, underscoring their increasing role in shaping business strategy and governance.
The report, which surveyed 600 security leaders and board members across 10 countries and 16 industries, explores the evolving responsibilities of CISOs as cybersecurity becomes a critical driver of business success. It also identifies key challenges and opportunities in aligning security priorities with broader organisational goals.
CISOs as Strategic Leaders
The findings indicate that CISOs are no longer confined to technical roles but are increasingly seen as strategic decision-makers. Michael Fanning, Chief Information Security Officer at Splunk, emphasised the importance of this shift: “As cybersecurity becomes central to business success, CISOs and boards must work together to close gaps, align priorities, and foster digital resilience. CISOs need to understand the broader business landscape and effectively communicate the value of security investments, while boards must embrace a security-first culture and consult CISOs on risk and governance matters.”
Shefali Mookencherry, Chief Information Security and Privacy Officer at the University of Illinois Chicago, echoed this sentiment, noting that the growing complexity of the CISO role requires strong collaboration across departments. “CISOs must balance security needs with business goals and articulate the value of security initiatives to diverse stakeholders, from board members to staff and students,” she said.
The Impact of CISO-Board Alignment
The report highlights the benefits of closer collaboration between CISOs and boards. Boards with at least one member possessing cybersecurity expertise reported stronger relationships with security teams and greater confidence in their organisation’s security posture. For example, 80% of such boards reported excellent alignment on strategic cybersecurity goals, compared to just 27% of boards without a CISO member.
CISOs with robust board relationships also demonstrated better collaboration across their organisations, particularly with IT operations (82%) and engineering teams (74%). These CISOs were more likely to leverage generative AI for threat detection, data analysis, and incident response, showcasing the strategic advantages of strong leadership ties.
Bridging the Gap: Priorities and Skills
Despite progress, the report identifies persistent gaps between CISOs and boards. For instance, 52% of CISOs prioritise innovating with emerging technologies, compared to only 33% of board members. Similarly, upskilling security employees and contributing to revenue growth initiatives were higher priorities for CISOs than for boards.
Boards also expect CISOs to develop new skills to enhance their business leadership capabilities. While 55% of boards emphasised the importance of business acumen, only 40% of CISOs agreed. Emotional intelligence and communication skills were also highlighted as areas for improvement.
Compliance and Budget Challenges
The report underscores the growing complexity of regulatory environments, with faster incident reporting requirements and increased liability for CISOs. However, only 15% of CISOs ranked compliance status as a top performance metric, compared to 45% of boards. Alarmingly, 21% of CISOs admitted to being pressured not to report compliance issues, though 59% said they would blow the whistle if their organisation ignored compliance requirements.
Budget constraints further complicate the CISO’s role. While 41% of board members believe cybersecurity budgets are adequate, only 29% of CISOs agree. Budget cuts have led to reduced security tools, hiring freezes, and decreased training, with 64% of CISOs citing concerns that they are not doing enough to address threats. Notably, 94% of CISOs reported experiencing disruptive cyberattacks, with 55% facing multiple incidents.
The 2025 CISO Report paints a picture of a rapidly evolving role, with CISOs gaining greater influence but facing mounting challenges. As cybersecurity becomes integral to business resilience, the report calls for stronger alignment between CISOs and boards, increased investment in security initiatives, and a focus on developing the skills needed to navigate an increasingly complex threat landscape.
The survey, conducted in June and July 2024, included 500 CISOs, CSOs, or equivalent security leaders and 100 board members from 10 countries and 16 industries. Oxford Economics also conducted eight in-depth interviews with CISOs and board members to provide qualitative insights.