
The job of CISO has moved beyond its old definition. What started as a technical role has become a test of strategy, stamina and leadership – and its scope continues to grow. According to Foundry’s 2025 Security Priorities study, most security leaders say their roles have expanded in the past year, and more than half now brief their boards several times a month. The CISO’s reach has expanded far beyond cybersecurity operations to include enterprise risk, compliance, privacy, and AI oversight – a shift that is redefining leadership at the top of the security organization.
The growing scope shows how integral security has become to every aspect of business. Today’s CISOs are taking on greater responsibilities and functional roles, with many of them overseeing not only cybersecurity but also risk management, compliance, and even operational domains like business continuity, data governance, and AI oversight. Some security leaders have added ESG or physical security to their remit – an acknowledgment that cyber risk is inseparable from business resilience.
That expansion has elevated the status of the CISO. In many enterprises, security leaders are now core members of executive decision-making teams, often helping to shape M&A strategy, product direction, and corporate governance. “Current and future CISOs need to break out of being mere technologists and build on their influence and communication strengths,” said Gaurav Kapil of Bread Financial in a recent CSO Online article on CISO leadership. “This is not a transactional but a values-based conversation.”

