CISOs with healthy board relationships report stronger partnerships with IT operations (82% versus 69% of other CISOs) and engineering (74% versus 63% of other CISOs).

36% of CISOs consider contributing to revenue growth initiatives a priority compared to 24% of board members.

51% of CISOs see upskilling or reskilling security employees as a priority, versus 27% of boards.

Only 47% of CISOs engage with their boards on a monthly or quarterly basis, and 42% meet with their boards on an ad hoc basis, if at all.

82% of security leaders report directly to the CEO in 2024, which is up from 47% in 2023.

Strategic CISOs have an annual cash compensation of around $545,000, compared to $385,000 for functional CISOs and $291,000 for their tactical counterparts.

29% of CISOs say they receive the proper budget for cybersecurity initiatives, compared to 41% of board members who think cybersecurity budgets are adequate.

57% of CISOs prioritize regulation and compliance knowledge, compared to 44% of board members.

CISOs with good board relationships are more likely to be given the ability to pursue use cases for generative AI, such as creating threat detection rules (43% versus 31% of other CISOs), analyzing data sources (45% versus 28% of other CISOs), incident response and forensic investigations (42% versus 29% of other CISOs), and proactive threat hunting (46% versus 28% of other CISOs).

Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%).

Dual CISOs at large organizations earn an average total compensation (including equity) of $1 million, whereas those who only take on partial IT oversight are closer to the average of traditional CISOs who manage none of the IT functions ($653,000).

70% of CISOs indicated any raises they received were annual merit-based increases, which on average were 6%.

Between 50% and 90% of CISOs identified other elements of business risk, such as disaster recovery, business risk, and third-party risk management, as well as broader security concerns such as product security, as falling under their remit.

More board members than CISOs want CISOs to develop certain skills: Business acumen: 55% of board members vs 40% of CISOs, emotional intelligence: 45% of board members vs 35% of CISOs, Communication: 52% of board members vs 47% of CISOs.

46% of CISOs said attaining security milestones was indicative of their success, compared to only 19% of board respondents.

52% of CISOs consider innovating with emerging technologies a priority, compared to 33% of board members.

64% of CISOs reveal that the current threat and regulatory environment make them concerned they’re not doing enough.

When asked what skills CISOs should develop, the biggest gaps in importance include business acumen (55% for boards versus 40% for CISOs), emotional intelligence (45% for boards versus 35% for CISOs) and communication (52% for boards versus 47% for CISOs).

94% of CISOs report being victims of a disruptive cyberattack, with 55% experiencing them at least a couple of times, and another 27% experiencing them many times.

83% of security leaders participate in board meetings "somewhat often" or "most of the time".