The modern CISO is becoming the next CFO

The modern CISO is becoming the next CFO

The modern CISO is becoming the next CFO

https://www.csoonline.com/article/4193375/the-modern-ciso-is-becoming-the-next-cfo.html

Publish Date: 2026-07-07 05:04:00

Source Domain: www.csoonline.com

At some point, every security leader gets asked a version of the same question: Are we good? It tends to arrive when something is at stake and the person asking needs to know they can rely on the answer.

I learned what that question really means at a firm I was with earlier in my career. We had received intelligence that threat actors were preparing to go after financial services firms over the holidays, counting on skeleton staffing and slower response times. We had procedures for exactly that kind of heightened alert, and we ran them. The moment that stayed with me came in a hallway. The head of business stopped me and asked, plainly, “Are we good?” He was not asking for a status report on our controls or a walkthrough of our incident response plan. He wanted a seasoned leader to look at him and say, with conviction, that we were good.

That instinct, the need for someone accountable enough to say “we’re good” and mean it, sits at the center of a debate the cybersecurity industry keeps having: Whether the CISO role has become unsustainable. The list of responsibilities continues to grow. Security leaders are expected to oversee cyber resilience, regulatory compliance, third-party risk, business continuity, AI governance, incident response and an ever-more-complex threat landscape. Boards, regulators, customers and investors simultaneously demand greater visibility into cyber risk than ever before.

Source