- January 16, 2025
- Catagory IT management
CISOs Are Taking on More in 2025
The role of the chief information security officer (CISO) is continuing to evolve, and CISOs can expect to take on more responsibilities in 2025.
The 2025 State of the CISO Report recently released by IANS Research and Artico Search found that responsibilities of CISOs are broadening beyond those of cybersecurity to include expanded IT oversight, digital transformation, and risk management as cybersecurity is now being viewed through the lens business strategy and operations, not just technology deployment.
The report segments CISOs into three categories. About half are “functional CISOs,” who are strong either in executive access or boardroom engagement, but lack visibility in both areas, which limits their ability to effectively influence either of them. About 28% of CISOs are “strategic,” in that they have positioned themselves as key strategic partners and excel in both C-suite access and boardroom influence. At other end of the spectrum are 22% of CISOs who are tactical with limited access to senior leadership and the board.
Other reports support the trend toward the responsibilities and prominence of CISOs growing within the organization as cybersecurity has become a core business priority. About 72% of security decision-makers have seen their role expanded in the last year, according to CSO’s 2024 Security Priorities Study, with responsibilities expanding to risk management, innovation and emerging technologies, and securing AI-enabled technology.
In the meantime, most security leaders surveyed by CSO reported increased interactions with the board of directors, while a recent Deloitte report finds cyber leaders have increased leadership visibility.
Another trend affecting the roles of CISOs is the intersection of IT with operational technology (OT), as attacks on critical infrastructure OT increase in frequency, and CISOs are tasked with keeping the business operations running, not just warding off traditional cybersecurity threats. This can be challenging as OT environments function differently than the rest of the organization’s IT infrastructure.
The underlying theme across these reports is that CISOs are seeing more opportunities to influence the direction of the organization and help it meet strategic business objectives, but challenges are emerging as they must continue to deliver on core activities related to security while embracing new responsibilities.