Cisco has announced the release of Splunk’s annual report, The CISO Report: From Risk to Resilience in the AI Era, based on a survey of 650 global Chief Information Security Officers (CISOs). The report explores the expanding responsibilities of CISOs and their approach to AI adoption, workforce investment, and risk management in a complex security landscape.
The findings indicate that AI is increasingly viewed as an important capability for security teams. Key insights from the survey include:
- 95% of CISOs identify the growing sophistication of threat actors as their primary risk.
- 92% prioritise improvements in threat detection and response, identity and access management, and investment in AI-based cybersecurity capabilities.
- 89% report that AI enhances data correlation, supporting improved incident visibility.
- 82% say AI contributes to faster data analysis and response.
At the same time, adoption of AI brings concerns: 86% of CISOs believe AI could increase the sophistication of social engineering attacks, and 82% are concerned it may add complexity and accelerate deployment challenges.
The report notes that CISOs are operating with expanded responsibilities during digital transformation, with more than three-quarters expressing concern about personal accountability for security incidents. Responsibilities increasingly include AI governance and oversight, alongside secure software development (DevSecOps).
Despite automation advances, human expertise remains central to security strategy. Organisations report prioritising workforce upskilling, hiring, and contractor support to address skills gaps and maintain oversight.
Collaboration and shared accountability across departments are highlighted as important factors for improving cybersecurity outcomes. Many respondents emphasise the value of aligning security initiatives with broader organisational objectives.
Workforce challenges remain significant, with high alert volumes and tool fatigue contributing to stress. Strategies such as consolidating security data and communicating security metrics in business terms are used to support internal alignment and reduce operational pressure.
Overall, the report outlines how CISOs are adapting to evolving risks by integrating AI thoughtfully, strengthening governance, and positioning cybersecurity as a contributor to broader business resilience.
