CISOs need to learn how to work with CEOs and Boards!
Darkreading.com reported that “As organizations face mounting regulatory pressure, relentless cyberattacks, and the accelerating pace of digital transformation, CISOs' ability to work effectively with CEOs and boards has never been more critical. In fact, it's a crucial factor in keeping the security program aligned with business objectives and executive expectations.” The November 13, 2025 article entitled “How CISOs Can Best Work With CEOs and the Board: Lessons From the Field” (https://www.darkreading.com/cyber-risk/how-cisos-can-best-work-with-ceos-and-the-board-lessons-from-the-field) included these comments:
What does that "effective relationship" between the CEO and the board look like in practice? How are such relationships built and maintained? Let's explore the strategies and best practices that define the modern CISO's engagement with top leadership.
A recent survey revealed considerable differences among companies in terms of providing CISO access to the CEO and boardroom. The report, by IANS and Artico Search, surveyed 830 CISOs regarding roles, compensation, job satisfaction, board engagement, and career development.
First, the positive news: According to the survey, 28% of CISOs report directly to the CEO or occupy a high-ranking position in the company's hierarchy. These CISOs also maintain regular engagement with the board, meeting at least quarterly, either in full board sessions or as members of subcommittees.
The remaining CISOs don't fare as well. Precisely 50% of respondents excel at C-suite access or boardroom influence, but not both. The remaining 22% have limited executive-level access due to their lower organizational rank and sporadic participation in board meetings.
Experts say poor CISO and C-suite influence puts security behind the eight ball, always trying to catch up with changes that the security team didn't know were coming until late in the process.
What do you think?