Explore how CISOs and their boards can bridge divides on top priorities, budgeting, compliance approaches, and success metrics.
GAPS
CISOs and boards see things differently
More and more CISOs are interacting with the top levels of the business, with 83% participating in board meetings somewhat often or most of the time. However, the rise to the C-suite has also exposed significant divisions between CISOs and their boards.
- Only 29% said their board has a member with cybersecurity expertise
- 52% of boards think CISOs spend the most time on business enablement; only 34% of CISOs say that’s the case
- 52% of CISOs prioritize innovating with emerging technologies; just 33% of boards agree it’s a priority
COMPLIANCE
For CISOs, compliance gets personal
CISOs are taking their organization’s compliance posture seriously, as they will be held most accountable for incidents.
- 21% of CISOs revealed they had been pressured not to report a compliance issue
- 59% of CISOs would become a whistleblower if their organization ignored compliance requirements
- 57% ranked knowledge related to regulations and compliance as a top skill to develop
AI
CISOs lean into generative AI for cyber defense
While 53% of CISOs still believe AI will give attackers the upper hand, that group is shrinking from 70% in 2023.
- 70% feel AI is appropriately hyped, with 20% reporting it to be underhyped
- 38% believe they’re not adopting AI fast enough
- 65% are actively training security teams on prompt engineering
BUDGET
CISOs need more budget — but struggle to advocate for it
Cyber budgets reveal the lopsided priorities of CISOs and boards, driving security cutbacks that have real consequences.
- Only 29% report having the proper budget for cybersecurity initiatives and goals
- 62% said postponing an upgrade due to budget cuts led to a successful attack
- 64% of boards say presenting security as a business enabler is the most effective way to increase budget
