Splunk: CISOs More Involved in Decision Making
A growing number of CISOs around the world said that they are more involved in the decisions made by their company's board of directors.
The influence of chief information security officers (CISOs) is increasing at companies across the board as these executives' voices become more prominent and vital to enterprises than ever before.
More than four in five (82%) CISO executives now answer directly to their company's CEO, according to Splunk's "The CISO Report 2025," which details the goals, priorities and strategies of CISOs and their boards of directors. The report surveyed 600 CISOs and board members from companies worldwide to capture a picture of the industry.
That share is significantly higher than in the previous year, when only 47% of CISOs reported to the CEO. These officers are also now included in more board meetings, with 83% reporting that they attended board meetings sometimes or often.
"As cybersecurity becomes increasingly central to driving business success, CISOs and their boards have more opportunities to close gaps, gain greater alignment and better understand each other in order to drive digital resilience," said Michael Fanning, chief information security officer at Splunk. "For CISOs, that means understanding the business beyond their IT environments and finding new ways to convey the ROI of security initiatives to their boards. For board members, it means committing to a security-first culture and consulting the CISO as a primary stakeholder in decisions that impact enterprise risk and governance. Bringing these groups together requires educating boards on the details of cybersecurity, and for CISOs to understand the language and needs of the business while also making security a business enabler."
Tensions Between CISO Executives, Boards
The presence of a board member with a CISO background also led to boards having more substantial relationships with a company's security team and its security posture. These executives also assisted in ensuring that security priorities were established. Four in five (80%) board respondents said they had good working relationships around setting cybersecurity goals if they had a CISO involved, compared to 27% of boards that did not have a CISO involved.
These healthy relationships between boards and CISOs often lead to better collaboration throughout the organization, including with IT and engineering operations.
Not everything is in sync, however, regarding a company's board and its CISO executives. More than half (52%) of CISOs reported that their top priority involved innovating with emerging technologies, as compared to 33% of board members. The board members also expect more of their CISOs, with 55% of board members desiring CISOs to develop business acumen, as compared to 40% of CISOs thinking that way.
CISOs and boards also appear to have a difference in thinking around compliance and budgetary matters. Only 15% of CISOs ranked compliance as a top performance metric, significantly less than board members (45%).
Nearly two in three (64%) CISOs revealed that the current threat and regulatory environment made them concerned about lack of support from that could open doors to a cyberattack.