Whenever a new key business area develops, there is a need to know who is going to be responsible for it in the corporate hierarchy, and a case can be built for increased recognition of the role of chief information security officer (CISO).

Some corporate roles are a must-have within the C-suite. You must have a chief executive. You must have a chief financial officer to run the organisation’s financial operations. There will probably be a chief operating officer, and then someone with responsibility for the organisation’s technology. That might be a chief information officer, a chief technology officer, or a chief digital officer.

The last few years have seen new, largely credible titles emerge: chief marketing officer, chief information security officer, chief risk officer, chief people officer, and chief zero trust officer. And then there have been some more bizarre ones: chief troublemaker, chief storyteller, chief play officer, to name but a few.

The growing role of the chief information security officer

CISO is one role that has been growing in importance and influence as cybersecurity threats have increased.

A CISO’s responsibilities include developing, implementing, and enforcing security policies to protect critical data. They also include ensuring that companies are reporting any cyber incidents. This is increasingly so, with new Securities and Exchange Commission (SEC) rules requiring registrants to disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident’s nature, scope, and timing, as well as its likely material impact.

A report will generally be due four business days after a registrant organisation determines that a cybersecurity incident is material. (Registrant is a term used for any company that files documents with the SEC. The term applies to companies conducting initial public offerings (IPO) and companies that file periodic reports.)

In July 2023, SEC chair Gary Gensler put it this way. “Whether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

So CISOs will have a major role to play ensuring that SEC registrants have reported their cyber incidents correctly. But that does not necessarily mean a CISO will make it to Board status. As a Forbes article in 2023 put it, “There’s a common perception that CISOs are overly technical; that they aren’t necessarily suited to transition from a largely operational focus on minute details to broad, strategic concepts.”

And yet, such skills are needed. In 2022, as reported by Forbes, research from Deloitte revealed that 38% of board directors and 42% of C-suite executives think that a “deficit in technology fluency on the board” is one of the top five challenges to “board oversight of digital, cyber, and new technologies.”

And then, there is AI

In April 2024, the Financial Times reported on the rise of the chief AI officer. It argued that as organisations struggle to get to grips with the impact on their business of generative AI, companies are starting to consider creating such a strategic new AI role.

It also pointed to a development in March 2024 when the White House announced that US federal agencies had to designate chief AI officers to ensure accountability, leadership, and oversight of the technology. For now, chief technology and chief information officers can cover the role. However, the development of a dedicated AI leadership role is a possibility. Accenture and advertising group WPP are two of the forward-thinking organisations that already have a chief AI officer in place.

At least it is likely that any chief AI officer (CAIO) will have to be referred to as such. No one would know what a CAIO is. Unlike CISO, the acronym is not easily pronounceable. That is no bad thing. Some might argue that the trend towards trip-off-the-tongue initialisms for corporate officers—CEO, CFO, and the like—is a backward step that fails to reflect their standing in the organisation. Sadly, however, I think that battle has already been lost.