90% of CISOs have ownership of their organization’s security operations, architecture, governance, as well as digital risk and compliance.

Between 50% and 90% of CISOs identified other elements of business risk, such as disaster recovery, business risk, and third-party risk management, as well as broader security concerns such as product security, as falling under their remit.

1-25% of CISOs reported that emerging domains including AI, M&A security, change management, IT due diligence, digital transformation, and innovation were being added to their workload.

3% of CISOs attribute their raise to taking on larger scope, while others see it reflected in merit increases.