Welcome to the CISO Perspectives Weekly Briefing, breaking down this week’s chatter around the evolving role of Chief Information Security Officers (CISOs). A quick read of about four minutes, this one covers some serious ground.
A CISO’s role
Traditionally, a Chief Information Security Officer oversees an organisation’s information, cyber, and technology security. This includes protecting vital assets and ensuring that technology aligns with core business objectives. However, a worrying trend has emerged as CISOs struggle to connect with other C-Suite members.
According to Splunk’s 2025 CISO Report:
- 53% of CISOs feel their responsibilities are becoming increasingly challenging.
- 79% report significant changes in key performance indicators over recent years.
- 21% have faced pressure not to report compliance issues.
- Only 29% feel they have the necessary budget to meet security goals.
- 41% of board members believe CISO budgets are adequate.
This data highlights a troubling disconnect, as stated by Kirsty Paine, Splunk’s Field CTO: “CISOs…need to switch up their tactics to be better heard.” A board member from a multinational bank noted the challenge of justifying investments against the backdrop of uncertain threats.
Evolving the CISO
With growing cyber challenges, the CISO role must adapt. Modern CISOs must position themselves as strategic partners, capable of articulating risks and value in a way that resonates in the boardroom.
To accomplish this, CISOs should focus on:
- Codifying the role of the CISO. Establish clear definitions of responsibilities tailored to organisational context.
- Shifting communication to emphasise ROI. Highlight business impact and engage board members by translating technical metrics and quantifying risk.
- Investing in strategic and leadership skills. Soft skills, along with technical expertise, are essential for fostering collaboration and trust with business leaders.
While no CISO can prevent every breach, redefining their role as a driver of strategic resilience can enhance their influence and credibility.
Key Insights
- The disconnect between CISOs and other C-Suite members is increasing, complicating their roles.
- CISOs must evolve from security protectors to strategic business partners.
- Improving communication around security ROI is essential for gaining board support.
- Investing in leadership skills alongside technical skills is crucial for modern CISOs.
Why should I read this?
If you’re in the cybersecurity field or just curious about leadership dynamics, this article is gold. It uncovers an essential shift in how CISOs need to operate amidst growing demand for accountability and strategic engagement. Dive in to understand how these changes affect your organisation and the broader industry.