Based on a global survey of 650 security leaders, the report examines how AI is reshaping cybersecurity priorities, increasing personal accountability for CISOs, and reinforcing the importance of human talent alongside automation.
The role of the Chief Information Security Officer is undergoing a significant transformation as artificial intelligence reshapes enterprise risk management, according to a new global study released by Cisco featuring insights from Splunk’s latest CISO Report. The survey, which gathered responses from 650 CISOs worldwide, points to expanding responsibilities, rising complexity and mounting performance expectations.
“CISOs operate in the eye of the storm, at the centre of constant transformation. Role responsibilities expand, threats evolve, and AI accelerates everything," said Michael Fanning, CISO, Splunk, a Cisco Company. "This expanded mandate brings an exceptional level of pressure and personal accountability. We are not just managing technology. We are managing risk, talent, and the digital resilience that drives critical business outcomes."
AI becomes central to cybersecurity strategy
The findings show that threat sophistication remains the primary concern for most CISOs, with improving detection and response capabilities ranking as the top operational priority. Many respondents also highlighted identity and access management and AI-powered cybersecurity investments as key focus areas.
AI adoption is already influencing security workflows. A large majority of respondents said AI tools help review higher volumes of security events and improve data correlation. Organisations that have implemented agentic AI reported faster reporting and response improvements compared to those still evaluating the technology. However, concerns persist that AI could also heighten the effectiveness of social engineering and accelerate advanced attack techniques.
Rising accountability and workforce strain
Nearly four out of five security leaders said their role has grown significantly more complex. Personal liability for security incidents is also emerging as a growing concern. In addition to overseeing traditional security operations, most CISOs now manage AI governance, risk management and secure software development practices.
Despite increased automation, human expertise remains a priority. Many CISOs are focusing on upskilling teams and hiring specialised talent to bridge capability gaps. At the same time, workforce fatigue remains a challenge, driven by high alert volumes, false positives and tool overload.
The report concludes that stronger cross-functional collaboration and clearer communication of metrics such as Mean Time to Detect and Mean Time to Respond are critical as CISOs evolve into strategic business leaders driving organisational resilience.
