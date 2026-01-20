CISOs are becoming ever more powerful at work - even more than other C-level execs
CISOs are getting much higher responsibilities
- Half of CISOs say their responsibilities have grown over the past year
- CISOs are climbing the ladder and ending up at the executive level
- 28% of CISOs across all industries say their role is no longer manageable
Executive-level CISO roles are on the up, growing from 33% in 2023 to 47% in 2025, per a new IANS report which explores changes to the role.
Previously, CISOs frequently reported into IT leadership, and while this is still the case 64% of the time, the remaining 36% sees them reporting to business and C-suite leaders.
IANS Research Faculty member Steve Martano explained the reason behind higher-ranking CISOs is the increasing importance of cybersecurity. The clearest increase is in publicly listed firms worth over $1 billion, where 55% of CISOs are now at executive level compared with 36% in 2024 and 34% in 2023.
The CISO role is getting bigger
The report also details the expansion of the CISO role in general, with half (52%) worried that their scope is no longer fully manageable, especially in smaller organizations. A similar number (53%) also noted that their responsibilities have grown over the past year.
Besides the obvious – infosec responsibilities and business risk responsibilities – many CISOs also have responsibility over IT compliance, operations, infrastructure, architecture and networking.
This isn't necessarily a bad thing, though, as IANS reveals – growing scope can encourage greater collaboration, with 91% engaging with the CIO or CTO at least monthly, ensuring that C-suite leaders are singing from the same hymn sheet.
That said, there are challenges. A quarter (28%) say that their role is no longer manageable, but this climbs to a staggering 58% within the education sector which is typically not a tech-centric one. Understaffing, budget and cost constraints, operational overload and structural gaps were mentioned alongside expanded scope.
"Understanding how organizations define scope, reporting structure, and leadership access and visibility is critical for CISOs planning their next move and for companies looking to hire or retain security leaders," Martano concluded.
