The CISO job has outgrown its old definition. What started as a technical role has become a test of strategy, stamina, and leadership — and the scope keeps widening. According to Foundry’s 2025 Security Priorities Study, a majority of security leaders say their roles have expanded in the past year, and more than half now brief their boards multiple times a month. The CISO’s reach has extended well beyond cybersecurity operations to encompass enterprise risk, compliance, privacy, and AI oversight — a shift that’s redefining what leadership looks like at the top of the security organization.
The expanding scope reflects how integral security has become to every aspect of business. Today’s CISOs are taking on ever more responsibilities and functional roles, with many overseeing not just cybersecurity but also risk management, compliance, and even operational domains such as business continuity, data governance, and AI oversight. Some security leaders have added ESG or physical security to their remit — an acknowledgment that cyber risk is inseparable from business resilience.
That expansion has elevated the CISO’s standing. In many enterprises, security leaders are now core members of executive decision-making teams, often helping to shape M&A strategy, product direction, and corporate governance. “CISOs of the present and the future need to get out of being just technologists and build their influence and communication muscle,” said Bread Financial’s Gaurav Kapil in a recent CSOonline article on CISO leadership. “It’s not transactional but more of a value-based conversation.”
