The role of the Chief Information Security Officer (CISO) is evolving from a technical advisor to a key business strategist due to new EU regulations like NIS2 and DORA. These regulations redefine due diligence, shifting responsibility from IT departments to governing bodies and making CISOs liable for compliance. This shift necessitates CISOs to be directly involved in decision-making, requiring them to balance technical expertise with legal and ethical insights.
