Dive Brief:
- The CISO is morphing into a more influential member of corporate leadership as companies around the world are becoming more strategic in how they manage cybersecurity risk, according to a report released Monday by Deloitte Global.
- About one-third of respondents reported a significant increase in CISOs participating in strategic conversations about technology-related capabilities, the report found. The report is based on a survey of 1,200 cyber decision makers at the director level or above.
- One in five respondents said their CISO reports directly to the CEO, a sign of the growing importance of cybersecurity within companies across the globe. It is still common for security to fall under IT leadership, with more than one-quarter of CISOs reporting to CIOs.
Dive Insight:
As cybersecurity concerns grow around the globe, senior executives and board members are looking to the CISO to help shape how companies manage risk and think strategically about growing technology estates.
"The reasoning for the role’s growth is simply that many boards and C-suites now require or need further knowledge into potential threats, security vulnerabilities, risk scenarios, and actions needed for greater resilience," Emily Mossburg, Deloitte Global cyber leader, said via email.
Companies are integrating cybersecurity concerns into larger technology spending priorities, including digital transformation, IT programs and cloud investments. As companies become more interconnected with each other, there has been a greater emphasis placed on making sure third-party connections are secure.
The role of CISO has taken on heightened importance in recent years as the Securities and Exchange Commission implemented requirements for companies to disclose material cyber breaches or attacks.
The rule applies not only to companies based in the U.S., but also to foreign companies that trade on U.S. markets. The SEC also requires companies to disclose certain information about cyber strategy in annual reports.
Companies have historically failed to disclose material cyber incidents to government authorities, and in the case of ransomware, have actively shielded that information from public knowledge. A Senate report released in 2022 showed the vast majority of ransomware attacks and crypto-based payments were not reported to the government.