Elevating Cybersecurity 2025

Page 19 of 26 · WEF_Elevating_Cybersecurity_2025.pdf

4. The CISO as a storyteller: The CISO builds trust with internal and external stakeholders, such as the board or customers, by clearly communicating the organization’s security posture and by translating technical safeguards into a compelling narrative that demonstrates transparency, accountability and a deep commitment to protection.

5. The CISO as a people leader: CISOs should provide their teams with structured training and certifications so team members can adapt to an evolving landscape while growing in their positions. The importance of soft skills, such as empathy and communication, should also be emphasized, and a leadership culture developed in which everyone has the potential to contribute to cybersecurity and take ownership of projects.

6. The CISO as a cultural driver: The CISO needs to establish a culture where everyone in the organization, from leadership to line employees, understands and participates in managing cyber risk. CISOs should not be the sole bearers of accountability.

7. The CISO as a negotiator: CISOs must operate as skilled negotiators, balancing security needs with business priorities and risk appetite. Whether advocating for resources, aligning with regulatory demands or influencing cross-functional decisions, effective negotiation is key to building trust and securing buy-in.

2.3 What can boards do to empower CISOs?

Boards can play a pivotal role in ensuring that their organization considers cybersecurity to be a business issue and elevates it as a strategic imperative. The World Economic Forum has led extensive collaboration within its various initiatives on the governance of cyber risk. Key publications include Advancing Cyber Resilience: Principles and Tools for Boards and Principles for Board Governance of Cyber Risk.

Those principles have also been tailored by some of the Forum’s working groups to different industries, such as the aviation, oil and gas and electricity industries.17,18,19 Within this, it is imperative that boards view CISOs as allies in this pursuit and therefore empower them to make an impact, as they are the ones who can create the success enablers for CISOs. A number of enablers from boards can foster the CISO’s impact:

FIGURE 3: Board enablers for CISO impact

Enablers:

— Establish a clear and independent CISO mandate
— Regularly and actively listen to the CISO
— Enable the CISO to develop relationships
— Ensure cyber risk management failures are fairly addressed
— Allocate a specific ring-fenced budget for cybersecurity

Questions:

— Is the CISO role empowered to provide an accurate and genuine view of the cyber risk posture of the organization without the fear of consequences?
— Is the CISO invited to board meetings, and is there allocated time to discuss cybersecurity topics?
— Is the role visible and heard, and are findings acted upon by the leadership?
— Does the CISO have the mandate to develop strong relationships with their key stakeholders, including the board?
— Is the collaborative nature of the role recognized, encouraged and enabled with internal and external stakeholders?
— Is there a mechanism in place to ensure that executives have a financial incentive to deliver on security outcomes?
— Is there a specific security and compliance budget allocated to the cybersecurity teams, including their tooling?

Source: World Economic Forum

Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs