Cisco has just released its annual Splunk report, titled The CISO Report: From Risk to Resilience in the AI Era, which highlights the rapid growth of the CISO’s strategy, the CISO’s strategic approach to the adoption of AI, and a firm commitment to human talent as CISOs face an increasingly complex threat landscape.
“CISOs operate in the eye of the storm, at the center of constant transformation. Their role’s responsibilities expand, threats evolve, and AI accelerates it all,” highlights Michael Fanning, CISO at Splunk, a Cisco company. “This expansion of their roles comes with an exceptional level of pressure and personal responsibility. CISOs not only manage the technology, but also the risk, talent and digital resilience that drives business results.”
The importance of AI in the CISO strategy
AI, including Agentic AI, is recognized as a powerful business tool in CISO strategy and a productivity driver for security teams. Among the conclusions of the report, the following stand out:
- 95% of CISOs cite the increasing sophistication of malicious actors’ capabilities as their biggest risk. Nine in ten (92%) say improving threat detection and response capabilities is a top priority, followed by strengthening identity and access management (78%) and investing in AI-based cybersecurity capabilities (68%).
- 92% of CISOs believe that AI allows their teams to review more security events.
- 89% report improvement in data correlation with AI.
- 39% of respondents who have partially or fully adopted Agentic AI say that their teams’ reporting speed has more than doubled compared to those who are still exploring it (18%).
- 82% of CISOs believe that Agentic AI will increase the amount of data reviewed, and 82% believe that it will increase correlation and response speed.
Although CISOs approach AI with cautious optimism, 86% fear that Agentic AI will increase the sophistication of social engineering attacks, while 82% worry that it will increase the speed of deployment and complexity of persistent threats. Ultimately, AI is seen as essential to combating advanced threats and delivering significant business advantages.
Expansion of personal functions and risks
CISOs operate at the forefront of digital transformation, and nearly four in five say their role has become much more complex. More than three-quarters of CISOs are now concerned about personal liability in the event of security incidents, a sharp increase from last year, when just over half expressed similar fears. Nearly all respondents now say CISOs’ responsibilities include AI governance and risk management, and more than four in five also oversee secure software development (DevSecOps).
Talent over technology
Despite the rise of AI, CISOs are prioritizing human capital to respond to talent gaps. Their main strategies include upskilling current staff, hiring new full-time employees, and hiring external employees. This reflects the belief that human intelligence and creativity remain the most powerful tools in security, especially for tasks as specific as threat management.
Likewise, shared responsibility is proving to be essential to obtain better cybersecurity results. Joint responsibility provides the most value to key security initiatives (62%), security budgeting and financing (55%), and access to security-relevant data (49%), indicating that collaboration between senior managers is a resilience multiplier.
Exhaustion and search for clarity
The report also reveals a significant challenge in workforce retention, with nearly two-thirds of security teams experiencing moderate to significant burnout. Top stressors include high alert volume (98%), false alerts (94%), and tool fatigue (7%).
To address this issue, CISOs are consolidating security data into a single view and using data-driven narratives to translate technical nuances into clear business imperatives for non-technical managers. However, challenges remain in improving data sharing between departments, including data privacy concerns (91%), high storage costs (76%), and lack of shared data views (70%).
Reframe security as a business enabler
CISOs are increasingly focused on translating the value of cybersecurity into clear business results. Reducing incidents and improving mean time to detect (MTTD) and mean time to respond (MTTR) are the primary metrics used to communicate return on investment to management. Collaboration with senior management colleagues, especially around budgeting and key initiatives, is critical to success.
The CISO report highlights the transformation of the role of the CISO into a strategic leader. It shows how these executives are effectively tackling complex challenges by championing data-driven strategies, fostering people-centered leadership, and thoughtfully integrating artificial intelligence. Through these approaches, CISOs are strengthening digital resilience and enabling their organizations to thrive in an ever-evolving threat landscape.
