CISOs predominantly report to CIOs and are less likely to report to CEOs now than previous years, according to a Heidrick & Struggles survey.
Just 5% of CISOs reported to the CEO this year, down from 8% in 2022 and 11% in 2021, the executive search company’s global survey of CISOs found.
Despite a slight year-over-year decrease, more than one-third of CISOs report directly to the CIO.
Heidrick & Struggles found CISOs also report to CTOs, COOs, global CISOs and chief risk officers, part of a reporting structure that underscores a leftward shift for the CISO role from compliance to technology, the research found.
“The roles and responsibilities of the CISO are changing, and it’s important that their team structure and direct reports evolve with them. The function continues to become more technical as organizations shift left,” Scott Thompson, partner at Heidrick & Struggles, said via email.
A CISO’s success depends on the weight and influence they carry within senior leadership, Thompson said.
Two-thirds of CISOs represented in the survey are two levels down from the CEO, reporting to a role that reports directly to the CEO, the survey found.
“A CISO’s reporting relationship still tends to be to a CIO, but that will likely continue to evolve as cyber continues to evolve,” Thompson said.
The firm expects the number of CISOs reporting to CIOs to decrease further as CISOs take on a more broad enterprise risk oversight role with regular presentations to the audit committee and board.
“What we are seeing, particularly this year, is that CISOs have significant visibility with the full board and its relevant committees — demonstrating that while CISOs might not have a direct line to the CEO, they are still being heard and increasingly integrated into organizational strategy,” Thompson said.
The majority of CISOs, 3 in 5, present to the full board and nearly 4 in 5 present to a special committee, the research found.
The research included responses from 262 CISOs in the U.S., Europe, the Asia Pacific region and Australia. More than half of the respondents work at companies with annual revenue above $5 billion.
Source link
