CISOs are gaining influence in the boardroom
Splunk’s CISO Report 2025 also revealed that board members with a CISO background have stronger relationships with security teams and feel more confident about the organization’s security posture.
The CISO Report 2025 from Splunk revealed that 82% of surveyed Chief Information Security Officers (CISOs) now report directly to the CEO, a 43% increase from 2023. The change is a clear indication that organizations are now aware of the importance of robust cybersecurity and of how it can affect them.
The study, which was commissioned by Splunk in collaboration with Oxford Economics, also detailed the goals, priorities, and business strategies for CISOs and their boards of directors.
Given the increasingly complicated threat landscape as well as the growing adoption of AI use cases in businesses, the CISO now plays a key role in any organization. Board members with cybersecurity backgrounds are also now capable of influencing security decisions.
According to Michael Fanning, Chief Information Security Officer at Splunk, as cybersecurity becomes increasingly central to driving business success, CISOs and their boards have more opportunities to close gaps, gain greater alignment, and better understand each other in order to drive digital resilience.
“For CISOs, that means understanding the business beyond their IT environments and finding new ways to convey the ROI of security initiatives to their boards. For board members, it means committing to a security-first culture and consulting the CISO as a primary stakeholder in decisions that impact enterprise risk and governance. Bringing these groups together requires educating boards on the details of cybersecurity, and for CISOs to understand the language and needs of the business while also making security a business enabler,” explained Fanning.
According to the report, board members with a CISO background report stronger relationships with security teams and feel more confident about the organization’s security posture. But that’s not all. The survey revealed that board members are now setting and aligning strategic cybersecurity goals as well as communicating more on progress instead of milestones. The improved relationship between board members and CISOs has also enabled organizations to budget adequately to meet goals. Specifically, 50% of boards with a CISO member are capable of achieving better budget planning compared to 24% of boards without a CISO member.
Closing gaps in security
With CISOs being part of the board, there is no doubt that they can close the gap on security policies, especially when it comes to aligning with what matters most to the organization. This includes focusing on innovations with emerging technologies, upskilling or reskilling of security employees as well as contributing to revenue growth initiatives.
CISOs with healthy board relationships not only tend to have better collaboration throughout the organization but also have more capabilities to pursue GenAI use cases. Popular GenAI use cases being pursued include creating threat detection rules, analyzing data sources, incident response and forensic investigations, and proactive threat hunting.
Splunk, which is known for its observability tools, was acquired by Cisco and is now offering its capabilities with Cisco. Given this, businesses now have the chance to manage and consolidate their cybersecurity tools better.
Interestingly, while boards and CISOs agree on core cybersecurity KPIs, 79% of CISOs say KPIs for their security teams have changed substantially in recent years. 46% of CISOs said attaining security milestones was indicative of their success, compared to only 19% of board respondents.
At the same time, regulatory and compliance requirements have become more complex, expansive, and punitive, requiring faster incident reporting and placing more liability squarely on CISOs’ shoulders. While maintaining compliance is vital to the business, only 15% of CISOs ranked compliance status as a top performance metric, a significant disconnect compared to 45% of boards. 21% of CISOs revealed they had been pressured not to report a compliance issue; however, 59% said they would become a whistleblower if their organization was ignoring compliance requirements.
Despite the survey revealing an increase of CISOs in the boardrooms, maintaining the budget for cybersecurity remains a challenge. Businesses have reduced cybersecurity budgets, but with CISOs on the board, 29% of them say they receive the proper budget for cybersecurity initiatives and for accomplishing their security goals.
However, 64% of CISOs reveal that the current threat and regulatory environment makes them concerned they’re not doing enough. What’s more concerning is that 18% of CISOs revealed they were unable to support a business initiative because of budget cuts in the last 12 months, and 64% said that lack of support led to a cyberattack. CISOs also reported reduced security solutions and tools, security hiring freezes, and decreased or eliminated security training as top cost-saving measures.
CISOs also remain targeted by cyber criminals, with 94% of CISOs reporting being victims of a disruptive cyberattack. 55% of CISOs also experienced them at least a couple of times, and another 27% experienced them many times.