In 2025, 83% of CISOs reported that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, compared to 90% in the previous year.

72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.

In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.

67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.

47% of CISOs report being completely confident that AI-powered security tools can effectively defend against autonomous, AI-driven cyberattacks.

88% of CISOs agree that the convergence of OT and IT security exposes new challenges that many organizations are not yet prepared to address.

96% of Chief Information Security Officers (CISOs) agree that the convergence of operational technology (OT) and information technology (IT) security is essential for protecting critical infrastructure from emerging threats.

97% of CISOs agree that hybrid infrastructure provides greater resilience and risk management capabilities than relying solely on cloud or on-premises environments.

94% of CISOs agree that emerging threats are forcing them to rethink and reprioritize their cybersecurity and infrastructure strategy.

40% of CISOs plan to invest in OT/IT security convergence over the next 12 months as part of their hybrid infrastructure strategies.

In 2025, overall CISO compensation increased by an average of 6.7% compared to the previous year.

15% of CISOs changed employers in 2025, an increase from 11% in 2024.

In 2025, 71% of CISOs received executive perks, an increase from 40% to over 50% this year for D&O insurance.

CISOs who remained at their companies and took on expanded responsibilities saw an average compensation increase of 8.1% in 2025, compared to a 5% increase among those who switched jobs.

70% of CISOs receive equity, which can represent up to half of total pay among top earners.

The top 1% of CISOs earn more than $3.2 million in total compensation, which is approximately 10 times the median and 20 times the bottom 10%.

Overall concern among U.S. CISOs about a breach fell from 86% in 2024 to 62% in 2025.

78% of U.S. CISOs expect AI to create a moderate or significant amount of new IT or security work for their teams due to AI-related security risks and vulnerabilities.

73% of U.S. CISOs reported facing a significant cyber incident in the past six months.

Boards most often ask CISOs for the following metrics: risk-reduction trendlines (51%), quantified business impact (47%), and incident-response performance metrics (40%).