The role of the chief information security officer (CISO) has never been more essential − nor more complex. Once seen primarily as the technical custodian of networks and data, the CISO has evolved into a strategic leader operating at the intersection of technology, risk and trust.
In an era defined by AI-driven transformation and constant connectivity, the CISO has become a central voice in shaping how organisations innovate and protect value.
As organisations look ahead through 2026 and beyond, cyber security (and the CISO) stands at a critical turning point. No longer a back-office function, security is now a business enabler that supports resilience, customer confidence and sustainable growth.
Shift from gatekeeper to strategic architect
The CISO role has changed profoundly over the past two decades. Early information security emerged from government and military environments focused on protecting classified data. As digital technologies permeated civilian and industrial sectors, threats expanded in scale and sophistication.
Today’s CISOs still oversee IT security, but their remit now spans operational technology, data environments, supply chains, cloud architectures and AI systems.
Their role requires transforming global shifts − from geopolitical volatility to regulatory fragmentation − into business strategies that protect assets while supporting innovation. And crucially, they must anticipate what’s coming next.
Era of expanding accountability
Modern IT ecosystems defy simple definitions, and so does the CISO role. Responsibilities vary widely depending on sector and organisational maturity, with reporting lines that may connect to the CIO, CRO, CEO, or even directly to the board.
Increasingly, CISOs also influence crisis management, operational resilience and areas traditionally outside digital security.
This growing scope reflects a broader reality: siloed leadership models can no longer keep pace with the complexity of today’s threat environment. Compliance alone cannot deliver resilience, and meeting regulatory minimums is not the same as managing real-world risk.
As new regulations place legal obligations on boards, CISOs now serve as essential advisors who help directors understand their risk posture and exercise their fiduciary duties. Their value lies not only in securing systems, but in bringing clarity and strategic foresight to governance discussions.
Understanding the CISO partnership network
Cyber security leadership depends on coordinated relationships across the enterprise and beyond:
- Boards and executives rely on CISOs to translate cyber risk into financial, regulatory and reputational terms.
- Customers and suppliers expect transparency and swift communication during incidents.
- Law enforcement and national cyber agencies benefit from intelligence sharing that strengthens collective defence.
- Regulators and standards bodies set frameworks that CISOs must interpret while maintaining business agility.
Within organisations, CISOs connect the C-suite with digital teams, AI and data functions, procurement, R&D and more. This network of relationships forms the backbone of a resilient enterprise.
Expanding leadership agenda
As digital and business risks become inseparable, many CISOs are moving into broader roles, such as chief security officer or chief risk officer. These transitions highlight how deeply cyber security is now embedded in organisational strategy.
To succeed, modern CISOs must personify several leadership archetypes:
- The business partner
- The resilience guardian
- The community leader
- The storyteller
- The people leader
- The cultural driver
- The negotiator
The most effective CISOs think in systems, collaborate across boundaries, and communicate with clarity and purpose.
Enable growth by empowering CISOs
The future of cyber security leadership hinges on genuine empowerment. Boards and CEOs must ensure CISOs have the authority, visibility and resources to lead effectively. Empowerment extends beyond budgets; it requires recognition of the CISO as a strategic counterpart.
Boards can support this by:
- Establishing a clear and independent CISO mandate.
- Making cyber security a standing board agenda item.
- Aligning budgets with organisational digital risk.
- Encouraging transparent risk reporting.
- Linking executive incentives to security outcomes.
- Strengthening collaboration across the wider ecosystem.
When boards elevate CISOs, cyber security becomes a catalyst for innovation and long-term value − not merely a defensive investment.
Strategic imperative for digital decade
As AI, quantum technologies and interconnected supply chains reshape global risk, the boundaries around cyber security continue to blur. Organisations that thrive will view security as a core enabler of competitiveness.
The future CISO is not only a defender but an architect of digital trust. In a world where every connection carries both opportunity and risk, the CISOs who lead with vision, adaptability and collaboration will define the next decade of digital resilience.