Has There Been an Increase in CISO Board Support?
As part of the Cyber Security Tribe annual report, we asked our CISO community whether they have the support of their Board, and whether they believe their Board understands cybersecurity.
The information was collected as part of the Cyber Security Tribe annual survey, conducted between December 2024 and January 2025. Download the full Cyber Security Tribe Annual Report to discover an in-depth analysis of the current cybersecurity landscape, split into three main sections: People, Process and Technology.
How Has CISO Board Support Changed Between 2024 and 2025?
Within our community of CISOs (355 respondents in the annual survey), the vast majority, 87%, believe they have the support of their Board. Overall, there has been a 21% increase in the number of respondents who report having Board support compared to last year, though confidence in the Board’s understanding of cybersecurity has declined.
| Question | Response | 2025 | 2024 |
| --- | --- | --- | --- |
| Do you have the support of your Board? | Yes | 87% | 66% |
| | No | 7% | 30% |
| | Unsure | 6% | 4% |
| Do you believe your Board understands cybersecurity? | Yes | 48% | 56% |
| | No | 48% | 42% |
| | Unsure | 4% | 2% |
Cyber Security Tribe Co-Founder Dorene Rettas believes: "This shift could be a result of high-profile breaches in the news, which have affected brand perceptions. Boards may be giving cyber leaders more autonomy to safeguard the business, while not fully grasping all the associated risks and challenges."
We asked the Cyber Security Tribe Advisory Board - What does Board support look like? What do you need to feel supported by the Board?
Jason Elrod: Board support should be proactive and consistent. It looks like an open line of communication where the CISO has a regular seat at the table, not just during crises. I need clarity in expectations, alignment on risk tolerance, and a willingness to prioritize cybersecurity as a business enabler. Support also includes budgetary alignment and a culture that views cybersecurity as a shared responsibility, not just a technical concern.
Dr. Vivian Lyon: How organizations support their security leaders matters with the growing threat of personal liability for CISOs adding a new layer of pressure to an already demanding role. CISOs play a central role in managing cyber risk, and that means they need the tools, authority, support, and coverage to do their jobs effectively.
Justifying cybersecurity expenses can be challenging due to differing risk perspectives, as the Board/CIO may view them as limiting other initiatives and might favor calculated risks, whereas the CISO aims for strict controls. Thus, adequate budget allocation and bridging communication gaps to eliminate or minimize the potential fragmentation of responsibilities to achieve the organization's goals and objectives are crucial.
Herman Brown: Board support provides active engagement in organizational direction, topics of interest, governance, advocacy, and operational support. What I need to feel supported by the Board is trust, empowerment, engagement, clear organization mission, priorities, and funding.
Rizwan Jan: Board support looks like active engagement, where the Board provides strategic guidance, resources, and oversight to help navigate complex challenges. For me, this means ensuring interactions are brief, focused, and productive, highlighting key risks, priorities, and the impact of initiatives on the organization’s overall goals. It also involves building a relationship of trust, where the Board values my expertise and provides the autonomy and resources needed to effectively manage programs.
Eric Harris: Board support means clear alignment on security priorities, adequate funding, and a strong security culture across leadership. To feel supported, a CISO needs regular engagement with the Board, not just when incidents happen. This means access to decision-makers, a voice in strategic planning, and realistic expectations about risk management. Security should be seen as a business enabler, not just a compliance requirement or another expense.
Randall Frietzsche: The first thing is to actually be invited to present to the Board. If you aren’t even invited, the support is probably not there. The amount of time you’re given to present is another important clue. If you get 5 minutes, the Board isn’t giving a lot of thought to cyber and it’s probably a regulatory requirement for them.
You can download the full Annual State of the Industry Report 2025 to:
- Benchmark Your Cybersecurity Strategy – Compare your organization’s cybersecurity priorities against industry trends and expert insights to ensure you're on the right path for 2025 and beyond.
- Gain Insights from 350+ Cybersecurity Professionals – Gain a data-driven perspective on critical topics such as hiring trends, investment priorities, AI governance, and incident response strategies.
- Gain Expert Analysis on Emerging Threats and Technologies – Learn from leading cybersecurity experts about the evolving risks in non-human identity management, agentic AI, and security frameworks.
- Improve Your Cybersecurity Culture – Discover best practices for security awareness training, employee concerns, and CISO board support to enhance your organization’s security posture.
- Actionable Takeaways for 2025 and 2026 – Use this report as a roadmap to refine your cybersecurity initiatives, align with industry standards, and make informed decisions on technology investments.