Chief Information Security Officers (CISOs) have successfully moved from the back office to the boardroom, with a new Splunk survey showing a vast majority now report directly to the CEO. This increased visibility, however, has not made their jobs easier. Instead, many CISOs report growing challenges, especially in securing adequate budgets and aligning security priorities with board members who may not fully grasp the evolving threat landscape.
A Seat at the Table, but at What Cost?
The rise of the CISO is clear from the numbers. A recent survey from Splunk reveals that 82% of CISOs now report directly to the CEO, a massive increase from just 47% two years ago. Furthermore, 83% of these security leaders regularly participate in board meetings, marking a significant shift in how cybersecurity is viewed at the highest levels of business.
But this progress has introduced new pressures. The role has expanded beyond technical defense to include business strategy, legal compliance, and communicating complex risks to non-technical executives. This has left many feeling overwhelmed.
In fact, a majority of security leaders—53%—said their jobs have become more difficult since taking on their current roles, indicating that a seat at the table comes with a heavier burden of responsibility.
The Great Disconnect on Cybersecurity Spending
One of the biggest hurdles CISOs face is the ongoing battle for funding. The survey highlights a stark reality: only 29% of CISOs believe they have adequate budgets to properly defend against modern cyber threats. This points to a dangerous gap between the perceived risk and the resources allocated to manage it.
The problem is often a difference in perspective. While CISOs are focused on reducing risk and preventing attacks, boards tend to prioritize cost efficiency and return on investment. This fundamental misalignment makes budget conversations difficult and often leaves security teams under-resourced.
This disconnect is perfectly captured in the data below, showing how CISOs and board members view the same situation very differently.
| Stakeholder | Perception of Cybersecurity Investment |
| --- | --- |
| CISO | Only 29% believe the budget is adequate. |
| Non-CISO Board Member | 41% are satisfied with current spending. |
Why a Cyber-Savvy Board Changes the Game
Despite these widespread challenges, there is a clear path to better outcomes. The report found that CISOs who work with boards containing members with cybersecurity experience report far more effective collaboration on strategy, goals, and budgets.
Jessica Sica, CISO at Weave, highlighted the benefits of working with a security-conscious board. Although she reports to the chief legal officer, her regular interactions with the board are productive. “Having their support and voice makes it easier to get my job done,” Sica stated.
However, her experience is not the norm. Currently, only 29% of CISOs report having a board with dedicated cybersecurity expertise, leaving the vast majority to navigate these complex discussions without that built-in support system.
Bridging the Gap between Security and Business
To move forward, both CISOs and boards must work to improve their mutual understanding. Michael Fanning, Splunk’s CISO, stressed that as cybersecurity becomes more central to business success, there are more opportunities to close these gaps and achieve better alignment.
Fanning suggested focusing on two key areas to foster better collaboration and build digital resilience:
- Educating the Board: Board members need a deeper understanding of cybersecurity risks and nuances to make informed, strategic decisions about resource allocation.
- Positioning CISOs as Business Partners: CISOs must continue to develop their business knowledge, framing security initiatives in terms of how they help the company achieve its broader objectives.
By focusing on these areas, organizations can transform cybersecurity from a perceived cost center into a powerful enabler of business growth and success.
Frequently Asked Questions
Why are CISO roles becoming more difficult despite their increased influence?
CISOs now have broader responsibilities that include business strategy, legal compliance, and communicating with non-technical leaders. This expanded scope, combined with budget pressures and misalignment with boards, has made the role significantly more complex and demanding.
What is the main reason for the budget disconnect between CISOs and boards?
The disconnect often comes from different priorities. CISOs focus on mitigating risks and preventing threats, while boards often prioritize metrics like cost-effectiveness and return on investment (ROI), making it hard to agree on the necessary level of security spending.
How does having board members with cybersecurity experience help a CISO?
When board members understand cybersecurity, they can collaborate more effectively with the CISO on strategy, goals, and budgeting. This shared understanding leads to better support, more appropriate funding, and a stronger overall security posture for the company.
What percentage of CISOs report directly to the CEO?
According to a recent Splunk survey, 82% of Chief Information Security Officers now report directly to their company’s CEO, which is a significant increase from 47% just two years prior.