Chief Information Security Officers are realizing, in greater numbers than ever before, that cybersecurity can no longer be viewed as a siloed technical function and must instead be treated as a core enabler of business growth, innovation, and AI adoption, according to LevelBlue’s latest Persona Spotlight: CISO.
Our team found that while CISOs are making progress in modernizing resilience and increasing their influence among C-suite members and down into their organizations, they are still aware of significant gaps around AI-driven threats, software supply chain visibility, and alignment with executive leadership.
Please read the complete report for all the details and findings, but here is a quick synopsis of what was found.
1. Cybersecurity Is Now a Business Function, Not an IT Function
CISOs see their role expanding beyond protection and compliance and recognize that:
- Cyber resilience directly enables growth, innovation, and safe AI expansion.
- Leadership is increasingly acknowledging cybersecurity as a shared responsibility across all business units.
2. Traditional Security Skills Are Not Enough—AI and Supply Chain Are the New Gaps
CISOs feel confident in the “classic” domains of cybersecurity, but they do not feel confident in:
- Defending against AI-powered adversaries
- Using AI effectively to strengthen defenses
- Understanding and securing the software supply chain
3. Cyber Resilience Is Becoming More Proactive
CISOs said they are shifting from reactive security to adaptive, continuous resilience and believe this will enable:
- Faster innovation
- Higher risk tolerance
- More confident experimentation with new technologies
However, they understand that there are major obstacles, such as:
- Data privacy and quality concerns still consume too many resources.
- Business alignment is weak (risk appetite, budgets, and priority-setting).
4. Leadership Misalignment Is a Barrier
CISOs said the board and governance teams still don’t fully understand cyber resilience and, as a result:
- Cyber budgets are not consistently allocated early in projects
- Business risk appetite is not aligned with cyber risk
- Accountability is unclear
In response, CISOs are attempting to:
- Engage more with the board
- Embed KPIs and metrics across leadership roles
- Improve cyber communication to lines of business
5. Businesses Are Unprepared for Emerging Attacks
Looking down the road, CISOs expect AI-powered attacks and deepfake-powered cyber incidents, and know they will have to contend with advanced social engineering practices from threat actors.
CISOs see their path forward requiring deeper alignment across the executive team, stronger collaboration throughout the business, and a more proactive, intelligence-driven approach to emerging risks.