Special Report: The Evolving CISO Role in 2024

It seems today that no matter how quickly the cybersecurity landscape continues to advance, no enterprise is safe. And, regardless of how many digital bad actors are stealing sensitive data, crippling operations, and holding businesses hostage in hopes of a huge payday, the Chief Information Security Officer (CISO) continues to bear responsibility for securing their organization’s environment. 

As threats and technology continue to evolve, so does the role of a CISO.  In a recent NightDragon survey of CISOs from some of the world’s largest companies, nearly half of the respondents said the scope of their role evolvedsignificantly within the last year alone. With new responsibilities including taking on new duties, new accountabilities within the company, and new organizational functions, it’s hard to imagine a slowdown for CISOs any time in the near future. 

 This is a significant statement regarding a role that is already expected to operate 24/7, and where a single misstep or incident can leave a security leader looking for a job or, worse, under federal investigation

While most CISOs reported feeling supported by their CEO and board of directors, there is still work to do to address challenges like talent shortages, budget availability, and management of limitations that make the CISO’s job harder. The growth of AI is also changing the role of CISO, according to 48% of respondents, as is increased investment in new technology, like the cloud and risk quantification.

This is why it is critical for organizations to support CISOs, whether it’s ensuring they have clear roles, responsibilities, support, or the resources they need. When CISOs have a voice, it changes the company’s entire approach to defending its IT environments. Enterprises can shift to a more proactive approach to addressing vulnerabilities and exert tighter control over their IT environments. This is especially important as AI drives new defensive, detection and recovery capabilities. While hackers will never stop, enterprises can get much better at protecting, detecting and recovering from an attack. 

In this report, we’ll dig deeper into the evolving scope of the CISO, the roadblocks that many still face in trying to execute, and the opportunities ahead as AI transforms the cybersecurity landscape. Our hope is to both educate leaders and organizations on how they can help support their CISOs, and more importantly, arm existing and future CISOs with the knowledge and skills needed to mitigate today’s threats. The struggles exist, but so do the opportunities.