CISO's reporting structure affects organizational cyber-resilience. Traditionally reporting to CIOs, CISOs face resource competition and limited strategic influence. As cyber threats escalate, more firms advocate for CISOs to report directly to CEOs or Boards to enhance decision-making and align security with corporate strategy. This change promotes transparency, shared responsibility, and embedding cybersecurity into business culture, crucial for managing risks and ensuring organizational continuity amidst evolving threats. Empowering CISOs at the top levels signifies a shift in treating cybersecurity as a critical business imperative.
https://www.business-reporter.co.uk/risk-management/the-ciso-reporting-crisis