Whenever a new key business area develops, there is a need to know who is going to be responsible for it in the corporate hierarchy, and a case can be built for increased recognition of the role of chief information security officer (CISO).

Some corporate roles are a must-have within the C-suite. You must have a chief executive. You must have a chief financial officer to run the organisation’s financial operations. There will probably be a chief operating officer, and then someone with responsibility for the organisation’s technology. That might be a chief information officer, a chief technology officer, or a chief digital officer.

The last few years have seen new, largely credible titles emerge: chief marketing officer, chief information security officer, chief risk officer, chief people officer, and chief zero trust officer. And then there have been some more bizarre ones: chief troublemaker, chief storyteller, chief play officer, to name but a few.

The growing role of the chief information security officer

CISO is one role that has been growing in importance and influence as cybersecurity threats have increased.

A CISO’s responsibilities include developing, implementing, and enforcing security policies to protect critical data. They also include ensuring that companies are reporting any cyber incidents. This is increasingly so, with new Securities and Exchange Commission (SEC) rules requiring registrants to disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident’s nature, scope, and timing, as well as its likely material impact.

A report will generally be due four business days after a registrant organisation determines that a cybersecurity incident is material. (Registrant is a term used for any company that files documents with the SEC. The term applies to companies conducting initial public offerings (IPO) and companies that file periodic reports.)

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In July 2023, SEC chair Gary Gensler put it this way. “Whether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

So CISOs will have a major role to play ensuring that SEC registrants have reported their cyber incidents correctly. But that does not necessarily mean a CISO will make it to Board status. As a Forbes article in 2023 put it, “There’s a common perception that CISOs are overly technical; that they aren’t necessarily suited to transition from a largely operational focus on minute details to broad, strategic concepts.”

And yet, such skills are needed. In 2022, as reported by Forbes, research from Deloitte revealed that 38% of board directors and 42% of C-suite executives think that a “deficit in technology fluency on the board” is one of the top five challenges to “board oversight of digital, cyber, and new technologies.”

And then, there is AI

In April 2024, the Financial Times reported on the rise of the chief AI officer. It argued that as organisations struggle to get to grips with the impact on their business of generative AI, companies are starting to consider creating such a strategic new AI role.

It also pointed to a development in March 2024 when the White House announced that US federal agencies had to designate chief AI officers to ensure accountability, leadership, and oversight of the technology. For now, chief technology and chief information officers can cover the role. However, the development of a dedicated AI leadership role is a possibility. Accenture and advertising group WPP are two of the forward-thinking organisations that already have a chief AI officer in place.

At least it is likely that any chief AI officer (CAIO) will have to be referred to as such. No one would know what a CAIO is. Unlike CISO, the acronym is not easily pronounceable. That is no bad thing. Some might argue that the trend towards trip-off-the-tongue initialisms for corporate officers—CEO, CFO, and the like—is a backward step that fails to reflect their standing in the organisation. Sadly, however, I think that battle has already been lost.