Who should the CISO report to?

Team & Organizational Design Security Strategy & Roadmap

CEO19%

COO22%

CFO14%

CIO33%

Board7%

Not sure2%

Other (please specify in the comments)1%

203 PARTICIPANTS

2.5k views2 Comments

Sort by:

Director of Engineering in Healthcare and Biotech2 years ago

Chief Compliance Officer or Chief Legal Officer are two other options. Key is independence between the CISO and the CIO to ensure unbiased oversight of cybersecurity independent of IT operational priorities.

Executive Director of Technology in Healthcare and Biotech2 years ago

Agree with Brad. It's an absolute conflict of interest to report to the CIO in my opinion. I'd go with CEO most likely.

Content you might like

What’s the top cybersecurity challenge concerning your organization right now?

AI-driven threats (deepfakes, automated attacks) 21%

Software supply chain risks 21%

Insider risk (both malicious & accidental) 13%

Regulatory compliance 11%

Cloud misconfigurations 13%

Shadow IT (or shadow AI) 11%

Ransomware 4%

Talent shortage in cybersecurity4%

Something else (comment to explain)2%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

What technological innovation will impact the world most?

Artificial Intelligence / Machine Learning41%

Automation18%

Cloud17%

Edge / IoT6%

Augmented / Virtual Reality6%

Blockchain4%

5G3%

Other (comment)

View Results

Most of the application team I lead is in Brazil and the global IT leadership (US-based) now wants to move some of that work to a new global delivery center in India to be more cost effective, but I have doubts. The Brazil team is delivering good quality — is cost efficiency enough reason to relocate the work? What are the biggest pros/cons we need to consider?

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?

Who should the CISO report to?

Sort by:

Content you might like

What’s the top cybersecurity challenge concerning your organization right now?

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

What technological innovation will impact the world most?

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Product Management Priorities and Challenges

Data-Driven Customer Experience: Uniting D&A and CX Teams

Navigating Economic Uncertainty in 2024: IT Leader Perspectives

Take Your Insights On-the-Go