Splunk Reveals CISOs’ Rapid Rise to Corporate Power

Share
Splunk research shows cybersecurity chiefs gaining unprecedented access to CEOs
Splunk research shows dramatic shift in cybersecurity chief influence as direct CEO reporting jumps from 47% in 2023, despite board expertise gaps

The position of corporate cybersecurity chiefs has transformed from technical specialists to strategic leaders in the past decade. This shift reflects the increasing financial and reputational damage of cyber attacks, which cost organisations an average of US$4.5m in 2023 according to IBM research.

The elevation of cybersecurity to a board-level concern comes as attacks on critical infrastructure increase and regulatory pressures mount. In the United States, the Securities and Exchange Commission now requires companies to disclose material cybersecurity incidents within four business days, while the European Union’s NIS2 directive has expanded reporting obligations for organisations across 18 sectors.

Against this backdrop of heightened risk and regulation, new research indicates a fundamental change in how organisations position their security leadership. A study from Splunk, the security monitoring and observability software company, reveals cybersecurity executives are gaining unprecedented access to chief executives and corporate boards.

The research, conducted with Oxford Economics, indicates 82% of Chief Information Security Officers (CISOs) now report to their organisation’s CEO, compared to 47% in 2023. The study shows 83% of CISOs participate in board meetings either somewhat often or most of the time.

Key facts
  • 94%: CISOs who report their organisations have experienced disruptive cyberattacks
  • 59%: Security chiefs who would become whistleblowers if compliance requirements were ignored
  • 21%: CISOs who have faced pressure not to report compliance issues

Despite this increased access, only 29% of organisations have board members with cybersecurity expertise, even as 60% acknowledge these members have more influence over security decisions.

Splunk CISO and Board Relationships Show Skills Gap

The findings reveal a disconnect between board members with cybersecurity experience and those without. Board members who previously served as CISOs express more confidence in their organisation's security position, with only 37% concerned about insufficient protection compared to 62% of other board members.

Michael Fanning, Chief Information Security Officer at Splunk, says: “As cybersecurity becomes increasingly central to driving business success, CISOs and their boards have more opportunities to close gaps, gain greater alignment, and better understand each other in order to drive digital resilience.”

Michael Fanning, Chief Information Security Officer at Splunk

The research indicates boards with former CISOs as members report stronger working relationships in strategic planning, with 80% rating the relationship as excellent or very good, compared to 27% for boards without CISO representation.

CISOs with effective board relationships report stronger partnerships across their organisations, with 82% citing strong IT operations collaboration compared to 69% of other security chiefs. These CISOs also report better access to emerging technologies, with 43% pursuing generative AI for threat detection compared to 31% of their peers.

Skills and Priorities Show Growing Divisions

The study identifies gaps between board and CISO priorities. Fifty-two percent of CISOs prioritise emerging technologies compared to 33% of board members. Employee upskilling shows a similar divide, with 51% of CISOs rating it as crucial versus 27% of board members.

Youtube Placeholder

Boards emphasise different skills for CISOs than security chiefs themselves. Business acumen shows the largest gap, with 55% of boards rating it essential compared to 40% of CISOs. Similar disparities exist in emotional intelligence, valued by 45% of boards versus 35% of CISOs.

Splunk Research Reveals Budget Constraints Hit Security

The study highlights budget pressures facing security programmes. Only 29% of CISOs report receiving sufficient funding for cybersecurity initiatives, while 41% of board members believe current budgets are adequate.

These budget constraints have led to security programme reductions. Half of CISOs report cuts to security tools, 40% face hiring freezes, and 36% have reduced security training programmes.

Splunk

The impact of these cuts is significant. Eighteen per cent of CISOs report an inability to support business initiatives due to budget reductions in the past year, with 64% stating these constraints contributed to a cyber attack. The research shows 94% of organisations have experienced disruptive cyber attacks, with 55% facing multiple incidents.

Compliance and Whistleblowing Pressure Mounts on CISOs

The regulatory environment presents new challenges for security executives. While boards rank compliance status as a key metric, with 45% prioritising it, only 15% of CISOs consider it a top performance indicator.

The research reveals pressure on CISOs regarding compliance reporting. Twenty-one percent of security chiefs report experiencing pressure to withhold compliance issues. However, 59% indicate they would act as whistleblowers if their organisation ignored compliance requirements.

CISOs and their boards have more opportunities to close gaps, gain greater alignment, and better understand each other in order to drive digital resilience

Michael Fanning, Chief Information Security Officer, Splunk

Performance metrics for security teams have changed substantially according to 79% of CISOs. Forty-six percent of security chiefs cite security milestone achievement as a success indicator, compared to 19% of board members.

Shefali Mookencherry, Chief Information Security and Privacy Officer at the University of Illinois Chicago, says: “Leading and managing the cybersecurity and privacy programmes at a higher education institution requires strong collaboration and communication with everyone from board members to privacy leaders, staff, faculty and students to ensure security is integrated into all aspects of the organisation.”


Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today. 


Cyber Magazine is a BizClik brand

Share

Featured Articles

AWS and Exclusive Networks: enhancing cloud security

Exclusive Networks has signed two agreements with AWS that enhance its cloud capabilities and provide advanced cybersecurity solutions

Arctic Wolf Completes Acquisition of Blackberry's Cylance

Arctic Wolf will incorporate Blackberry's Cylance endpoint security assets into its Aurora platform, helping organisations reduce risk exposure

AI-Powered Fraud on the Rise for Financial Institutions

Data from AuthenticID has found a rise in deepfake-related fraud attempts and synthetic identity fraud for finance firms

Sophos: Gen AI Flaws Could Negatively Impact Cybersecurity

Technology & AI

Is the UK Government Ready to Face Severe Cyber Threats?

Cyber Security

What Does DeepSeek’s Cyber Attack Mean for Data Privacy?

Cyber Security