CISOs Challenge Traditional Boardroom Views on Security Strategy

Summary

Splunk’s The CISO Report highlights the ongoing challenge CISOs face in aligning security priorities with boards, as conversations continue about moving beyond compliance and establishing cyber security’s role in broader business resilience.


Chief Information Security Officers (CISOs) are under increasing pressure as they navigate a rapidly evolving cyber security landscape. Their growing presence in the boardroom has not eased this burden; many find themselves balancing mounting security threats, regulatory demands, and executive expectations. With heightened accountability for security incidents, they often face difficult decisions when compliance risks arise. While boards and CISOs share a common goal of protecting the organisation, differing perspectives can create tensions. “Despite the gaps, they share a duty to safeguard the company. Boards protect profitability and stock price; CISOs protect data and systems. This is something to build on. But it will take communication, understanding, and a generous dose of patience to come together,” say the authors of The CISO Report by Splunk. 

Splunk’s The CISO Report, which surveyed 500 security leaders and 100 board members across 16 industries, highlights the growing influence of CISOs in corporate leadership as well as ongoing challenges in aligning security with business priorities. More than one in five CISOs (21%) have been pressured to withhold compliance issues rather than report them. Many board members assume CISOs focus on aligning security with business objectives; however, much of their time is spent managing technology rather than shaping corporate strategy. Compliance is another area where perspectives differ; 45% of board members see it as a key performance metric, while only 15% of CISOs do, often viewing it as a basic requirement rather than a measure of security effectiveness. These gaps in understanding can make it harder to secure budgets and fully integrate cyber security into business planning. Splunk’s research suggests CISOs who frame cyber security as a business enabler, highlighting financial risks like downtime, regulatory fines, and reputational damage, may gain stronger board-level support. Likewise, boards that involve CISOs in risk and governance decisions can better embed security into business strategy. A more open dialogue and shared understanding could ease pressures on CISOs while strengthening the organisation’s overall security posture. 
