CISOs gain greater influence in corporate boardrooms

A new global study from Splunk and Oxford Economics has revealed significant shifts in the professional landscape of Chief Information Security Officers (CISOs), highlighting their increasing influence within corporate boardrooms.

The study, titled "The CISO Report 2025," surveyed 600 respondents, including CISOs, Chief Security Officers (CSOs), equivalent security leaders, and board members across ten countries worldwide. It underscores the evolving prominence of CISOs, with 82% now reporting directly to the CEO, up from 47% in 2023.

Additionally, 83% of CISOs are now regularly involved in board meetings, which emphasises their growing role in strategic decision-making processes. The survey covered diverse regions including Australia, New Zealand, Japan, Singapore, India, the United Kingdom, the United States, France, Germany, and Italy.

In Australia, the report presents intriguing trends where 91.2% of CISOs surveyed now report to the CEO. Participation in board meetings among Australian CISOs is also notable, with 71.5% doing so most of the time or somewhat often. Furthermore, 71% of Australian CISOs assert that cybersecurity-aware board members have a significant influence on security decisions, with 82% of boards having at least one such member.

Michael Fanning, Chief Information Security Officer at Splunk, commented on the report's findings: "As cybersecurity becomes increasingly central to driving business success, CISOs and their boards have more opportunities to close gaps, gain greater alignment, and better understand each other in order to drive digital resilience." He added that the alignment between CISOs and boards is crucial for fostering a "security-first culture" within organisations.

Shefali Mookencherry, Chief Information Security and Privacy Officer at the University of Illinois Chicago, also weighed in: "As the role of the CISO grows more complex and critical to organisations, CISOs must be able to balance security needs with business goals, culture, and articulate the value of security investments." She highlights the importance of strong relationships across departments and stakeholders in bolstering cybersecurity and privacy programmes.

The study further discusses the positive impact of having board members with a cybersecurity background. These members foster stronger relationships with security teams and have more confidence in their organisation's security stance. For instance, boards with a CISO member report higher effectiveness in setting strategic cybersecurity goals and communicating progress, compared to boards without such expertise.

CISOs with robust board relationships report improved collaboration with IT operations and engineering, allowing them to explore advanced technologies like generative AI for enhanced threat detection and response. However, gaps persist in priority alignment between CISOs and boards, particularly around emerging technologies, upskilling, and revenue growth.

Expectations for CISOs to develop leadership skills add complexity to their role, with many recognising a gap in business acumen, emotional intelligence, and communication. These skills, considered vital by boards more than by CISOs themselves, underscore the challenges in bridging the boardroom-IT divide.

Maintaining compliance remains a critical business element, although 15% of CISOs consider it a top performance metric, contrasting sharply with 45% of board members. Budgeting issues also surface as a concern, with 29% of CISOs claiming sufficient budgets compared to 41% of board members.

CISOs express concerns over budget constraints impacting cybersecurity capabilities, with reports indicating that reduced budgets have led to hiring freezes, decreased security training, and compromised security solutions. A noteworthy 94% of CISOs report having experienced disruptive cyberattacks, indicating the serious repercussions of budget misalignments.