Security Chiefs Gain Corporate Clout as Role Expands Beyond Technology

A new study confirms what many in corporate America have witnessed firsthand: the chief information security officer is now a central figure in executive leadership. According to the 2026 State of the CISO Benchmark Report from Hunt Scanlon, 46% of CISOs now hold executive titles like SVP or EVP, making them the largest group among security leaders for the first time. The research, conducted by IANS Research and Artico Search, surveyed 662 North American CISOs through much of last year.

The data shows a sharp climb in authority, particularly at large companies. Among firms with over $1 billion in revenue, executive-level CISOs jumped from 33% in 2023 to 47% in 2025. For publicly traded companies, the figure reached 55%. This formalizes a shift that has been building for years, moving security leadership from a technical specialty to a core business function.

Nick Kakolowski of IANS Research described the change as an inflection point. He noted that while titles are advancing, many security leaders still work within older corporate structures that haven't adapted to their expanded duties.

Reporting lines are changing, too. While most CISOs still answer to technology chiefs, 36% now report directly to business-side leaders like the CEO, CFO, or general counsel. In large enterprises, 44% of executive CISOs report outside the IT department. This shift provides greater access to strategic discussions but also brings broader accountability and more intense board scrutiny.

With greater authority comes a heavier load. The report finds over half of CISOs saw their responsibilities grow in the past year, and 52% consider that expanded scope unmanageable. This pressure contributes to high turnover intentions, with 69% of surveyed security leaders considering a job change within twelve months.

Compensation reflects the heightened stakes. Separate IANS-Artico data identifies "million-dollar CISOs" at the largest firms, with average total pay reaching $1.1 million for security chiefs at companies with $20 billion or more in revenue.

The trend underscores a fundamental corporate realization: cybersecurity is no longer just an IT problem, but a business imperative with direct consequences for financial performance and governance, especially under current regulatory pressures.

Source: Webpronews