Key Findings
79% of CISOs say KPIs for their security teams have changed substantially over recent years.
Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%).
82% of security leaders report directly to the CEO in 2024, which is up from 47% in 2023.
51% of CISOs see upskilling or reskilling security employees as a priority, versus 27% of boards.
36% of CISOs consider contributing to revenue growth initiatives a priority compared to 24% of board members.
46% of CISOs said attaining security milestones was indicative of their success, compared to only 19% of board respondents.
18% of CISOs revealed they were unable to support a business initiative because of budget cuts in the last 12 months.
59% of CISOs said they would become a whistleblower if their organisation was ignoring compliance requirements.
64% of CISOs said that lack of support led to a cyberattack.
21% of CISOs revealed they had been pressured not to report a compliance issue.
83% of security leaders participate in board meetings "somewhat often" or "most of the time".
64% of CISOs reveal that the current threat and regulatory environment makes them concerned they’re not doing enough.
CISOs with good board relationships are more likely to be given the ability to pursue use cases for generative AI, such as creating threat detection rules (43% versus 31% of other CISOs), analyzing data sources (45% versus 28% of other CISOs), incident response and forensic investigations (42% versus 29% of other CISOs), and proactive threat hunting (46% versus 28% of other CISOs).
57% of CISOs prioritize regulation and compliance knowledge, compared to 44% of board members.
29% of CISOs say they receive the proper budget for cybersecurity initiatives, compared to 41% of board members who think cybersecurity budgets are adequate.
More board members than CISOs want CISOs to develop certain skills: business acumen (55% of board members vs 40% of CISOs), emotional intelligence (45% of board members vs 35% of CISOs), and communication (52% of board members vs 47% of CISOs).
52% of CISOs consider innovating with emerging technologies a priority, compared to 33% of board members.
53% of CISOs say their responsibilities and job expectations have become more difficult since they took the job.
15% of CISOs ranked compliance status as a top performance metric, compared to 45% of boards.
18% of CISOs claimed they were unable to support a business initiative due to budget cuts in the past year, and 64% said that lack of support led to a cyberattack.
Only 29% of CISOs say their board includes at least one member with cybersecurity expertise.
When there is a CISO on the board, 80% of boards report excellent or very good working relationships with CISOs in setting and aligning on strategic cybersecurity goals, versus 27% when there isn't a CISO on the board.
For boards with a CISO member, 60% report excellent or very good working relationships when communicating progress against milestones, security goal achievement and plan of record, compared to 16% for boards without a CISO member.
50% of boards with a CISO member report excellent or very good relationships when budgeting adequately to meet goals, compared to 24% for boards without a CISO member.
60% of board members acknowledge that board members with cybersecurity backgrounds more heavily influence security decisions.
Board members with a CISO background report stronger relationships with security teams and feel more confident about the organisation’s security posture.
37% of board members with a CISO background express concern that they are not doing enough to protect the organisation, compared to a survey average of 62%.
29% of CISOs say they receive adequate budget to accomplish their goals, compared to 41% of board members who think the function has enough funds.
CISOs with healthy board relationships report stronger partnerships with IT operations (82% versus 69% of other CISOs) and engineering (74% versus 63% of other CISOs).
When asked what skills CISOs should develop, the biggest gaps in importance include business acumen (55% for boards versus 40% for CISOs), emotional intelligence (45% for boards versus 35% for CISOs) and communication (52% for boards versus 47% for CISOs).
94% of CISOs report being victims of a disruptive cyberattack, with 55% experiencing them at least a couple of times, and another 27% experiencing them many times.
Strategic CISOs earn 57% more than Functional CISOs and twice as much as Tactical CISOs.