The CISO job has outgrown its old definition. What started as a technical role has become a test of strategy, stamina, and leadership — and the scope keeps widening. According to Foundry’s 2025 Security Priorities Study, a majority of security leaders say their roles have expanded in the past year, and more than half now brief their boards multiple times a month. The CISO’s reach has extended well beyond cybersecurity operations to encompass enterprise risk, compliance, privacy, and AI oversight — a shift that’s redefining what leadership looks like at the top of the security organization.
The expanding scope reflects how integral security has become to every aspect of business. Today’s CISOs are taking on ever more responsibilities and functional roles, with many overseeing not just cybersecurity but also risk management, compliance, and even operational domains such as business continuity, data governance, and AI oversight. Some security leaders have added ESG or physical security to their remit — an acknowledgment that cyber risk is inseparable from business resilience.
That expansion has elevated the CISO’s standing. In many enterprises, security leaders are now core members of executive decision-making teams, often helping to shape M&A strategy, product direction, and corporate governance. “CISOs of the present and the future need to get out of being just technologists and build their influence and communication muscle,” said Bread Financial’s Gaurav Kapil in a recent CSOonline article on CISO leadership. “It’s not transactional but more of a value-based conversation.”
But greater influence comes with greater strain. Nearly one in four CISOs say they’re considering leaving the profession due to stress. Role creep has become a real issue, as some organizations consolidate additional duties — from physical security to sustainability — under the same leader. The expectation to oversee everything from ransomware readiness to ESG metrics has created what some describe as a “hodgepodge” of responsibilities that can be unsustainable without the right support structure.
Those tensions — between rising expectations and personal bandwidth — are front and center at this year’s CSO Conference panel, “Navigating Through Uncertainty: Staying Alert and Staying Sane.” Moderated by Bob Bragdon, the discussion brings together Jonathan Chow (Genesys), Frank DePaola (Enpro), and Marcus Johnston (Precisely) to explore how top security executives are balancing expanded mandates with mental resilience and sustainable leadership.
The takeaway: The CISO role has evolved from technologist to strategist, from security operator to business risk steward. The influence is real — so is the pressure. As boards turn to security leaders for guidance on everything from AI policy to operational resilience, CISOs are proving indispensable to the enterprise. The challenge now is making the job sustainable for those tasked with defending not just networks, but the business itself.
The CSO Security Priorities study for 2025 will be presented during a discussion at the annual CSO Conference & Awards, October 20–22 at the Grand Hyatt Indian Wells. Join leading CISOs as they share strategies for managing growing responsibilities, sustaining resilience, and leading effectively amid constant uncertainty.
For more information about the agenda and speakers, please visit: https://event.foundryco.com/cso-conference-awards/agenda/