A new survey from Deloitte Global shows that 20% of businesses now have their chief information security officers (CISOs) reporting directly to the CEO rather than CIOs, indicating the expanding influence of the role within organisations.
The fourth edition of the “Global Future of Cyber Survey” is based on responses from nearly 1,200 cyber decision-makers across 43 countries and six industries. It details how cybersecurity is becoming central to strategic growth for many organisations, with a noticeable rise in the prominence of the CISO role.
“The rise of AI and other evolving technologies has significantly transformed the threat landscape,” said Deloitte’s global cyber leader, Emily Mossburg. “As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritisation and mitigation.
“The close relationship between CISOs and CEOs is a testament to the role security plays in a business’s long-term success. Today, CISOs are not only protectors against outside threats, but key players helping their organisation find success by integrating cyber considerations in the strategic decision-making process.”
Approximately one-third of respondents reported an increase in CISO involvement in strategic discussions about technology capabilities over the past year. This shift underscores the growing importance of CISOs in shaping organisational resilience and technology strategies.
CISO role becoming more influential as advisers to CEOs and boards
In response to a rising number of cyberattacks, CISOs are becoming more influential as advisers to CEOs and boards. Their expanding responsibilities are driven by a rise in AI-generated threats, which exploit vulnerabilities by impersonating trusted sources. On average, 39% of respondents are extensively using AI in their cybersecurity programmes, indicating an increasingly integrated approach to cybersecurity within businesses.
Cybersecurity is also playing an influential role in safeguarding investments in technology, with focus areas including cloud (48%), Generative AI (41%), and data analytics (41%). High-performing, cyber-mature organisations are characterised by consistent cyber planning, strategic engagement at the board level, and the use of AI to strengthen capabilities. These organisations expect to achieve their business outcomes by 27% more on average compared to global respondents overall.
The urgency of maintaining secure systems is underscored by the finding that 25% of respondents from cyber-mature businesses reported experiencing 11 or more cybersecurity incidents in the past year, a 7% increase from 2023. The evolving threat landscape is further highlighted by data-loss-related incidents, which impacted 28% of organisations in 2024, an increase of 14% compared to last year.
Organisations increasingly recognise cybersecurity as essential to their technology infrastructure, strategic planning, and growth objectives. The survey indicates that leading outcomes from cybersecurity initiatives include the protection of intellectual property (46%), improved threat detection and response (44%), and enhanced efficiency and agility (44%).
A significant majority (83%) agree that tools such as qualitative risk assessments and benchmarking are integral to their overall strategy. Over half (58%) expect to integrate cybersecurity spending with other budgets, such as digital transformation, IT initiatives, and cloud investments. Additionally, 57% of respondents anticipate increasing their budget for cybersecurity over the next 12 to 24 months.