Who should the CISO report to?

Team & Organizational DesignSecurity Strategy & Roadmap

CEO14%

COO27%

CFO18%

CIO32%

Board5%

Not sure1%

Other (please specify in the comments)1%

209 PARTICIPANTS
2.6k viewscircle icon2 Comments
Sort by:
Director of Engineering in Healthcare and Biotech2 years ago

Chief Compliance Officer or Chief Legal Officer are two other options. Key is independence between the CISO and the CIO to ensure unbiased oversight of cybersecurity independent of IT operational priorities.

Executive Director of Technology in Healthcare and Biotech2 years ago

Agree with Brad. It's an absolute conflict of interest to report to the CIO in my opinion. I'd go with CEO most likely. 

Content you might like

What are the key steps to transition a Chief Information Security Officer (CISO) into a Business Information Security Officer (BISO) role while preserving advisory responsibilities and avoiding being treated as a PMO?

What’s been the best way to optimize spend?

Eliminate Redundancy31%

Re-negotiate with vendors / take advantage of incentives44%

Shut down / pause what has been inactive13%

Update legacy and leverage emerging / more financially advantageous tools11%

View Results

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

Read More Comments

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

I'm building most on... share "why" in comments...

Public Cloud73%

Private Cloud26%