Getty Images
Majority of CISOs now hold executive-level titles, IANS reports
More organizations grant the CISO an executive title, an IANS survey found, as the top security job becomes less of a hands-on position and more of a business leader role.
Executive-level CISO titles now outnumber vice president- or director-level titles, according to new research from cybersecurity advisory firm IANS.
This is the first time a survey by IANS has found this preponderance of security leaders holding the CISO executive-level title. It's a trend that has been building in recent years, and one that plays out across business size.
In its "State of the CISO 2026 Benchmark Report," IANS found that 47% of large enterprises have raised security to the executive ranks, up from 33% in 2023. Similar increases were found among companies with annual revenue of less than $100 million, with 52% of those businesses now giving their security leaders an executive or senior vice president CISO title.
Averaged across business size, CISOs at executive vice president or senior vice president levels rank 47%, with 27% at vice president and 27% at director levels.
CISO roles are shifting
IANS researchers concluded that the CISO is now being viewed as a strategic leader embedded in enterprise governance and business decision-making rather than merely a technical expert.
“This year was a major turning-point year where it became a sufficiently large part of our sample that we were able to say the majority of CISOs in our sample are thought of as executive CISOs," said Nick Kakolowski, senior director of CISO research at IANS.
The elevation of security leadership to the executive level means that fewer organizations have leaders who handle both high-level strategic matters important to the business and day-to-day problem-solving and incident response.
Yet leaders who straddle those two worlds do still exist, Kakolowski said. "It's just a smaller and smaller portion who are doing both the executive job and the director job, where they are working with other business leaders to solve broad risk problems, they are owning a massive scope, but they are also hands-on, in the weeds, solving technical challenges," Kakolowski said. "The more executive CISO tends to be delegating the day-to-day."
The 2026 IANS survey also revealed the stress and restlessness in the CISO ranks, as well as adjustments in reporting structure:
- 52% believe of CISOs their responsibilities are not manageable given current resources.
- 69% are open to changing jobs within the next year.
The report also touched on adjustments in CISO reporting structure. Currently, 64% of CISOs report directly to an IT boss, typically a CIO or CTO, while 36% report to non-IT leaders, such as the CEO, COO, general counsel, chief legal officer or chief risk officer. Additionally, executive-level CISOs are twice as likely to report to business leaders compared to vice president-level CISOs, and three times more likely than director-level CISOs.
The IANS survey, conducted in partnership with Artico Search, drew responses from more than 600 leaders responsible for security within their organizations.
Phil Sweeney is an industry editor and writer focused on cybersecurity topics
Dig Deeper on Careers and certifications
-
![]()
CISO reporting structure key to strong cybersecurity outcomes
By: John Burke
-
![]()
How BISOs enable CISOs to scale security across the business
By: Sean Kerner
-
![]()
Resilience for resilience: Managing burnout among cyber leaders
-
![]()
PDS confirms ‘strategic restructuring’ with series of interim senior leadership hires
By: Caroline Donnelly
