As cybersecurity threats intensify and regulatory pressures mount, chief information security officers are ascending to the uppermost echelons of corporate power. For the first time, executive-level CISO titles—such as SVP, EVP, or chief information security officer—now comprise the largest segment of infosec leadership roles, according to the 2026 State of the CISO Benchmark Report from Hunt Scanlon. This shift, detailed in a study of 662 North American CISOs conducted by IANS Research and Artico Search between April and November 2025, underscores how digital risks have propelled security chiefs from IT backrooms to boardroom strategists.

The report reveals that 46% of CISOs hold executive titles, surpassing the 27% at VP level and another 27% as directors. In large enterprises with over $1 billion in revenue, executive representation climbed from 33% in 2023 to 47% in 2025, with publicly traded giants showing an even steeper rise to 55% from 34%. “The CISO role has clearly reached an inflection point,” said Nick Kakolowski, senior director of CISO research at IANS, as quoted in a PR Newswire release. “Executive-level titles are becoming more common, but many CISOs are still operating within legacy structures that haven’t kept pace with the scope and expectations now placed on the role.”

This elevation grants CISOs greater access to strategic dialogues, enabling them to frame security risks in business terms and synchronize defenses with corporate goals. Yet, the ascent comes with strings attached: broader accountability, intensified oversight from boards, and deeper integration across functions.

Evolving Reporting Lines Reshape Influence

Traditionally nested under IT, CISOs are breaking free. While 64% still report to CIOs or CTOs, 36% now answer to business executives like CEOs, COOs, CFOs, or general counsels, per the IANS-Artico data. In large firms, 44% of executive CISOs report outside IT, compared to 64% in smaller outfits. Dotted-line ties often prove as vital as direct ones, fostering visibility with peers. “Executive CISO titling and positioning… is not just about operational efficiency,” noted Matt Comyns, president and co-founder of Artico Search, in the Hunt Scanlon analysis. “When balancing priorities, teams… will respond more favorably to a true security executive peer.”

Engagement patterns highlight the divide: 91% of CISOs interact monthly with CIOs/CTOs, but only 54% with general counsels and 40% with product heads. Executive CISOs double the monthly touchpoints with CEOs/COOs, HR leaders, or sales chiefs versus directors. Steve Martano, partner in Artico’s cyber practice, observed: “On a permanent basis, we see CISOs reporting to CEOs of product companies more than in any other sector.” This realignment elevates cybersecurity from a technical silo to an enterprise imperative, as echoed in Infosecurity Magazine.

Public companies, under SEC scrutiny, lead the charge, with boards demanding direct oversight. The trend holds across sectors, varying by no more than 10 points, though tech and finance show high CISO mobility—over 25% cross-pollinate experience.

Scope Creep Strains Resources and Leaders

Responsibility sprawl defines the new reality: over 80% oversee SecOps, engineering, GRC, app sec, and IAM—up dramatically, with 76% owning full IAM versus few five years ago. Nearly 30% manage IT elements like compliance or networking, plus third-party risk and disaster recovery. 53% report scope growth in the last year, yet 52% deem it unmanageable, especially in lean teams, per Channel Insider. “For security leaders, scope creep is more common than scope divestiture,” Comyns stated.

This paradox fuels unrest: average tenure hits nine years, but 69% eye moves within 12 months, often to larger firms, new industries, or roles like CTO/CIO or board seats. Manufacturing CISOs pivot frequently, with 50% from finance/healthcare. High mobility in tech/finance persists, but burnout looms as demands outpace support, as noted in TechTarget. “It’s just a smaller and smaller portion who are doing both the executive job and the director job,” Kakolowski explained.

Compensation reflects the stakes: related IANS-Artico work spotlights “million-dollar CISOs” at mega-firms, averaging $1.1 million total pay for $20 billion+ revenue outfits, signaling security’s business criticality, via Hunt Scanlon.

Industry Variations and Career Trajectories

Trends span sizes and sectors, but nuances emerge. Small firms inflate titles to offset pay; giants tie them to governance. Product companies favor CEO reporting, especially post-breach or merger. “The depth of a CISO’s cross-functional relationships depends on the priorities,” Martano said. Tech-finance fluidity aids versatility, while manufacturing draws external talent.

Post-CISO paths favor CTO/CIO or boards over CRO or trust officer gigs. 81% of multi-firm CISOs span industries, building broad expertise. Demand stays robust amid complexity, but mismatches in scope, reporting, and visibility spur turnover, as SecurityBrief reports.

Recruiters stress alignment: “Understanding how organizations define scope… is critical for CISOs planning their next move,” Martano emphasized. Boards must match authority to accountability to retain talent.

Boardroom Imperative and Future Pressures

Regulatory waves—SEC rules, DORA echoes—amplify board focus. CISOs translate tech risks to financial impacts, with 40%+ engaging C-suite quarterly. Executive CISOs lead here, twice as likely for frequent CEO/COO talks. PwC’s 2026 insights urge CISOs to “elevate cyber from control to catalyst,” per their executive hub.

AI risks, supply chains, and agentic threats demand resilience. IANS data shows strategic CISOs—strong in C-suite/board access—earn 57% more than functional peers, with higher satisfaction. Tactical directors lag, handling ops sans influence.

The split widens: executives delegate amid growth; directors grind reactively. “The VP-level CISO is becoming less common,” the report concludes, as firms choose strategic elevation or operational demotion. For insiders, this bifurcation tests whether organizations invest in security as a value driver or cost center.