Who should the CISO report to?

CEO: 14%

COO: 29%

CFO: 15%

CIO: 33%

Board: 5%

Not sure: 1%

Other (please specify in the comments): 1%

208 PARTICIPANTS
2.6k views, 2 Comments
Director of Engineering in Healthcare and Biotech, 2 years ago

Chief Compliance Officer or Chief Legal Officer are two other options. Key is independence between the CISO and the CIO to ensure unbiased oversight of cybersecurity independent of IT operational priorities.

Executive Director of Technology in Healthcare and Biotech, 2 years ago

Agree with Brad. It's an absolute conflict of interest to report to the CIO in my opinion. I'd go with CEO most likely. 
