With new technologies and threats emerging rapidly, CISOs face increasing pressure to manage risk, protect reputation, and contribute to commercial resilience.
Ever since Steve Katz joined Citicorp as the world’s first CISO in 1995, the role has evolved significantly. Katz was appointed following a series of damaging cyberattacks from Russian hackers, and he was given two directives: “Build the best cybersecurity department in the world,” and “spend time with our top international banking customers to limit the damage.”
Back then, the CISO was seen primarily as a technical lead focused on securing IT infrastructure. Today, the remit is much broader. CISOs are expected not only to prevent cyber incidents, but also to ensure regulatory compliance, manage enterprise risk, and align cybersecurity strategies with overall business goals.
Over time, the job has grown increasingly complex. CISOs now juggle a wide range of responsibilities including data privacy, threat awareness, incident response, and business continuity. The regulatory landscape has also become more demanding, with frameworks like the EU’s GDPR and the Digital Operational Resilience Act (DORA) adding further complexity.
The shift in focus is clear. According to Splunk’s CISO Report, 86% of CISOs say their role has changed so much it feels like an entirely different job. Soft skills and strategic thinking now take precedence over deep technical knowledge. CISOs are increasingly viewed as business partners who collaborate across all departments and translate technical risk into language the board can act on. In fact, 47% of CISOs now report directly to the CEO, highlighting the role’s strategic importance.
One of the most pressing challenges for today’s CISOs is managing the security risks posed by artificial intelligence. According to Absolute Security, 54% of CISOs believe their teams are not adequately prepared to handle AI-driven threats. A further 46% see AI as more of a threat than a benefit.
These concerns are already shaping behaviour. The same report found that 39% of CISOs have personally stopped using AI tools over fears of a breach, and 44% have banned the use of AI within their organisations altogether. Despite these concerns, many also recognise the value AI can bring. Around 77% said it has helped fill existing cybersecurity skills gaps, underscoring the double-edged nature of the technology.
As regulation catches up with innovation, new legal frameworks such as the EU’s Artificial Intelligence Act, which came into force in August 2024, are placing additional demands on security teams. For CISOs, this means adapting again to manage both the risks and the compliance requirements associated with fast-moving technologies.
The modern CISO must wear many hats: strategist, communicator, risk manager, and innovator. As the role continues to evolve, organisations must ensure their cybersecurity leaders have the tools, insight, and support to succeed.
AJC supports businesses at every stage of their cybersecurity journey. Through our CISO-as-a-Service (CISO-aaS) offering, we provide part-time, independent expertise to organisations that need flexible, senior-level support without the cost of a full-time hire. Acting as your virtual CISO, we can:
Whether you’re navigating AI regulations, preparing for an audit, or responding to an emerging threat, AJC is here to help you strengthen resilience, reduce risk, and stay ahead of evolving cybersecurity challenges.
Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.
Image accreditation: Getty Images for Unsplash.com+. Last accessed on 8th April 2025.