Press note. The promotion of the Security Director (CISO) to Senior Management entails greater collaboration with the CEO and with the Executive Committee, participating in strategic decision making for the company. According to a new Splunk Global Report, 82% of the statements consulted now report directly to the CEO, a significant increase compared to 47% in 2023.
The report The CISO Report 2025prepared in collaboration with Oxford Economics and that analyzes objectives, priorities and strategies of the fissus and executive committees, also reveals that 83% of the fissus participate in the meetings of the Board of Directors with some frequency or most of the time.
“As cybersecurity becomes increasingsays Michael Fanning, director of Information Security at Splunk. “For the fissus, that means understanding the business beyond their IT environments and finding new ways to transmit the return on the investment of security initiatives. For members of the Executive Committee, it implies committing to a culture of security and consulting the CISO as the main part interested in decisions that affect risk and business governance ”.
According to the report, the collaboration between the fuds and the board of directors is especially relevant in the following areas:
- Establish and align with strategic cybersecurity objectives (80% for the fissus and 27% in the case of other members of the Board).
- Communicate progress in relation to milestones and the achievement of security objectives (60% fenins and 16% other members of the Board).
- Adequately budgeting to achieve the objectives (50% fenins and 24% for other members of the Board).
- The knives that maintain good relations with managers also tend to reinforce collaboration throughout the organization, and report particularly solid alliances with IT operations (82%) and the Engineering Department (74%).
However, gaps still persist between the fissus and the boards of directors in terms of main priorities, including:
- Innovation with emerging technologies (52% of the fissions consider it a priority compared to 33% of the members of the Board of Directors).
- Training and recycling of security employees (51% for the fissus compared to 27% for members of the Executive Committee).
- Contribution to income growth initiatives (36% fenins and 24% board of directors)
In addition, although managers and fissures coincide in the key indicators of cybersecurity performance, 79% of the fissions claim that these indicators have changed substantially in recent years without being taken into account.
The lack of alienation in terms of budgets For cybersecurity it also persists: only 29% of the fissus consider receiving the appropriate budget for cybersecurity initiatives and to achieve their objectives, compared to 41% of the members of the Board of Directors. Likewise, 18% of the fissions have not been able to support a business initiative due to budget cuts in the last 12 months, and 64% admit that at least one cyber attack was a consequence of the lack of investment.
