Nearly all CISOs report they are now responsible for AI governance and risk management, citing the growing sophistication of threat actor capabilities as their greatest risk.
This is according to a report from Splunk, which also finds that the vast majority of CISOs say AI enables more security events to be reviewed.
For this report, Oxford Economics researchers surveyed 650 CISOs in July and August of 2025. Respondents resided in Australia, France, Germany, India, Japan, New Zealand, Singapore, the United Kingdom, and the United States.
“CISOs operate in the eye of the storm, at the center of constant transformation. Role responsibilities expand, threats evolve, and AI accelerates everything,” said Michael Fanning, CISO at Splunk, a Cisco company.
“This expanded mandate brings an exceptional level of pressure and personal accountability,” said Fanning. “We are not just managing technology. We are managing risk, talent, and the digital resilience that drives critical business outcomes.”
AI is recognised as a powerful business imperative and productivity powerhouse for security teams, including agentic AI.
Results show that 95% of CISOs cite the growing sophistication of threat actor capabilities as their greatest risk. Among respondents, 92% say that improving threat detection and response capabilities is a top priority, followed by strengthening identity and access management (78%), and investing in AI cybersecurity capabilities (68%).
Also, 92% of CISOs say AI enables their teams to review more security events and 89% report improved data correlation with AI.
Further, 39% of CISOs who have partially or fully adopted agentic AI strongly agree it has increased their teams’ reporting speed by more than double the rate of those who are still exploring (18%).
In addition, 82% of CISOs believe agentic AI will increase the amount of data reviewed and 82% say it will increase correlation and response speeds.
While CISOs approach AI with cautious optimism, 86% fear agentic AI will increase the sophistication of social engineering attacks, and 82% worry it will increase deployment speed and complexity of persistence mechanisms.
Ultimately, AI is seen as essential for combating advanced threats and delivering significant business advantages.
According to Splunk CISOs are operating at the leading edge of digital transformation, with nearly four out of five reporting their role has become significantly more complex.
More than three quarters of CISOs are now worried about personal liability for security incidents, a sharp jump from last year, when just over half expressed similar fears, underscoring the high stakes involved.
Nearly all respondents now report that CISOs’ responsibilities include AI governance and risk management, with more than four out of five also overseeing secure software development (DevSecOps).
Despite the rise of AI, CISOs are prioritising human capital to address critical skills gaps. Their main strategies include upskilling current workforces, hiring new full-time employees, and engaging contractors.
This reflects a belief that human intelligence and creativity remain security’s most powerful tools, especially for nuanced tasks like threat hunting.
Shared ownership is proving critical for stronger cybersecurity outcomes. Joint accountability drives the most value for key security initiatives (62%), security budget and funding (55%), and access to security-relevant data (49%), indicating that collaboration across the C-suite is a force multiplier for resilience.
The report reveals a significant challenge in workforce retention, with nearly two-thirds of security teams experiencing moderate to significant burnout. Leading stressors include high alert volumes (98%); false alerts (94%); and tool fatigue (79%).
To address these issues, CISOs are consolidating security data into a single view and using data-driven narratives to translate technical nuances into clear business imperatives for non-technical leadership.
However, challenges to improving cross-departmental data sharing persist, such as data privacy concerns (91%); high storage costs (76%); and lack of shared data views (70%).
CISOs are increasingly focused on translating cybersecurity’s value into clear business outcomes. Incident reduction, improved Mean Time to Detect (MTTD), and Mean Time to Respond (MTTR) are the top metrics used to communicate ROI to leadership. Collaboration with C-suite peers, especially on budgeting and key initiatives, is crucial for success.
The CISO Report highlights the transformation of the CISO role into a strategic leader. The report demonstrates how these executives are effectively navigating complex challenges by championing data-driven strategies, fostering human-centric leadership, and thoughtfully integrating AI.
Through these approaches, CISOs are strengthening digital resilience and empowering their organisations to thrive in an ever-evolving threat landscape.
