70% of CISOs say internal conflicts more damaging than cyberattacks

    Evan Schuman

    News Analysis

    Oct 28, 2025 | 4 mins

    Business IT Alignment, Incident Response, Security Practices

    CISO-CEO tension and unclear authority under duress are imperiling incident response. CISOs must establish not only clear response plans but also leadership alliances centered on business value, advisors say.

    Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself.

    “CISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response despite major investments in tools and talent,” concludes the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, based on a survey of 480 senior US cybersecurity leaders. “Blurred authority and shifting responsibilities frequently delay response efforts, creating more disruption than the attackers themselves.”

    But analysts and security specialists say much of the problem stems from alignment and perception issues that have taken hold well before cyberattacks require all-hands response, such as the incorrect belief that everything a CISO proposes slows down operations, making it harder to achieve revenue targets.

    Security experts advise CISOs to consider such perception problems when setting security strategies and communicating cybersecurity’s value to colleagues and the board. For example, by emphasizing authentication behavioral analytics and other forms of passwordless protections, CISOs can show how their approaches deliver better protections with less friction, thereby helping lines of business (LOBs) to do their jobs securely and without unnecessary end-user effort.

    Jeff Pollard, a vice president and principal analyst at Forrester, says another factor that undermines CISO-LOB and CISO-CEO relationships is the way that enterprise compensation is determined, a process that unintentionally sets CISOs on a collision course with LOB execs, the CEO, and the CFO.

    “Think about the CEO and the LOB executives. They all have a P&L because they run a line of business. The vast majority of CISOs, however, have a budget but no P&L. That is a drastic difference,” Pollard says, adding that this common situation makes the CISO’s department look like just a cost center.

    To fix that disconnect, Pollard says, CISOs must remind their CEO and LOB colleagues — loudly and often — that security initiatives indeed deliver revenue, market share, and customer retention.

    “Every single customer that is rolling into those lines of business” are “filling out third-party risk management questionnaires and they are looking at audits,” Pollard says. “What CISOs are failing to do is showcasing that fact by saying things like, ‘When we bought that tool, it was not because we were bored. It was because one of your customers was asking, ‘Hey! What are you doing about web attacks on services from you that we use?’”

    Pollard continues: “That’s where CISOs help with revenue. It’s because somewhere there is a customer — and probably a big one — who wanted it.”

    Pollard advises security leaders to tell their CEOs and business colleagues, “‘I am not introducing friction. I am delivering what our customers are forcing us to do.’ Showcase the reason why you are doing what you are doing. ‘Because it’s your customers who are asking for these things.’”

    Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, a directory of former government and military specialists, argues that the differing approaches of different company executives should also be spun as a good thing.

    “You want to have the conflict. The different incentives and motivations and expertise allow different ways of thinking about the company and finding ways to make it successful,” Levine explains. “The first thing is to not see that conflict as the problem.”

    CJ Dietzman, senior vice president at Alliant Insurance Services, says CISOs also need to focus on what every LOB needs and try to address that. In other words, put the business first and address cybersecurity within that context. If CISOs can help their LOB exec colleagues deliver to their targets, cybersecurity will have their loyalty and support — which will go a long way toward easing internal tensions when a cyber crisis arises.

    “Know your business, CISO,” Dietzman says. “You should never lead with cybersecurity.”

    Evan Schuman

    Evan Schuman has covered IT issues for a lot longer than he’ll ever admit. The founding editor of retail technology site StorefrontBacktalk, he’s been a columnist for CBSNews.com, RetailWeek, Computerworld, and eWeek, and his byline has appeared in titles ranging from BusinessWeek, VentureBeat, and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News, and The Atlanta Journal-Constitution. Evan is a frequent contributor to CIO, CSO, Network World and InfoWorld.


    Evan won a gold 2025 AZBEE award in the Enterprise News category for this story: Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out


    He can be reached at eschuman@thecontentfirm.com and he can be followed on LinkedIn.
