CISOs in the Boardroom: Bridging the Gap Between Security and Business Leadership

2025-01-23

In recent years, Chief Information Security Officers (CISOs) have made significant strides in gaining a seat at the executive table. However, despite their growing influence, many of their C-suite counterparts believe there’s still room for improvement, particularly when it comes to business acumen and soft skills. This insight comes from Splunk’s The CISO Report 2025, which surveyed 500 CISOs and 100 board members globally.

The report reveals that 82% of CISOs now report directly to the CEO, a significant jump from 47% in 2023. Additionally, 83% of CISOs participate in board meetings “somewhat often” or “most of the time,” indicating their increasing involvement in strategic decision-making. Board members also reported strong working relationships with CISOs, particularly in areas like setting cybersecurity goals and tracking progress.

However, the report highlights persistent gaps between CISOs and their boardroom peers. Board members are more likely than CISOs to emphasize the need for security leaders to develop skills such as business acumen (55% vs. 40%), emotional intelligence (45% vs. 35%), and communication (52% vs. 47%). These gaps suggest that while CISOs are gaining influence, they still need to refine their ability to align security initiatives with broader business objectives.

Budgetary tensions also remain a sticking point. Only 29% of CISOs believe they receive adequate funding to achieve their goals, compared to 41% of board members who think the security function is well-funded. This disconnect has real-world consequences: 18% of CISOs reported being unable to support business initiatives due to budget cuts, and 64% said that this lack of support had led to cyberattacks.

Michael Fanning, Splunk’s CISO, emphasizes the need for greater alignment between CISOs and boards. He argues that boards must better understand cybersecurity’s role in driving business success, while CISOs need to position security as a business enabler. This requires CISOs to think beyond IT and demonstrate the return on investment (ROI) of security initiatives.

A 2024 Trend Micro report further underscores the challenges CISOs face, revealing that 79% have felt pressure to downplay cyber risks, and a third have been dismissed “out of hand” by their boards. These findings highlight the ongoing credibility gap that many CISOs must overcome to be seen as strategic partners rather than technical specialists.

What Undercode Says:

The evolving role of CISOs reflects a broader shift in how organizations perceive cybersecurity. No longer just a technical concern, it’s now a critical business function that directly impacts organizational resilience and success. However, the findings from Splunk and Trend Micro reveal that while CISOs are gaining ground, significant barriers remain.

The Credibility Gap

One of the most striking takeaways is the persistent credibility gap between CISOs and their boardroom peers. Despite their growing involvement in strategic discussions, many CISOs still struggle to convey the business value of their work. This is partly due to a lack of business acumen and communication skills, as highlighted by board members.

To bridge this gap, CISOs must adopt a more business-oriented mindset. This means understanding the organization’s financial goals, risk appetite, and competitive landscape. By framing cybersecurity initiatives in terms of ROI and business outcomes, CISOs can better align their efforts with the board’s priorities.

Budgetary Disconnects

The budgetary tensions revealed in the report are another critical issue. The fact that only 29% of CISOs feel adequately funded, compared to 41% of board members who believe the opposite, points to a fundamental misalignment. This disconnect often stems from a lack of understanding about the true cost of cybersecurity and the potential consequences of underinvestment.

CISOs must take a proactive role in educating boards about the financial and operational impacts of cyber threats. By presenting data-driven insights and real-world examples, they can make a stronger case for increased funding.

The Need for Soft Skills

The emphasis on soft skills like emotional intelligence and communication is particularly noteworthy. In many organizations, CISOs are still seen as technical experts rather than strategic leaders. To change this perception, they must hone their ability to build relationships, influence decision-making, and communicate complex ideas in a way that resonates with non-technical stakeholders.

A Call for Collaboration

Ultimately, the path forward requires collaboration. Boards must commit to a security-first culture and view the CISO as a key stakeholder in risk management and governance. At the same time, CISOs must step up as business leaders, demonstrating how cybersecurity can enable growth, innovation, and resilience.

As the digital landscape continues to evolve, the role of the CISO will only become more critical. By addressing these gaps and fostering stronger alignment, organizations can build a more secure and resilient future.

References:

Reported By: Infosecurity-magazine.com