Is the CISO Role Becoming Obsolete?
The role of the Chief Information Security Officer (CISO) stands at a critical juncture. For years, CISOs have been elevated by the persistent fear of cyber incidents. This fear has driven budgets, defined strategies, and secured their seat at the executive table. But what happens when that fear subsides?
New research challenges the conventional wisdom that the CISO's influence will continue to grow. As cyberattacks and data breaches become normalized, leadership perspectives are shifting. The acceptance of cyber risk as a standard cost of doing business is on the rise, diminishing the value once placed on pure protection.
This shift demands a fundamental transformation of the CISO role. The old mandate is becoming obsolete. To remain relevant, security leaders must evolve.
From Protection to Resilience
The future of cybersecurity leadership is not in building impenetrable walls but in ensuring organizational resilience. The focus must move from preventing every incident to minimizing business disruption when an incident inevitably occurs. This is the new imperative: cyber resilience. A proactive strategy that embraces the reality of modern cybersecurity threats.
The CISO's Evolving Mission: Driving Value
To secure their organization’s future, CISOs must move past traditional risk management and embrace a wider scope — one that positions them as enablers of business value. Examples of this evolution include:
- Driving innovation with the safe adoption of GenAI.
- Building supply chains and modernizing business continuity.
- Accelerating sales cycles by addressing customer security requirements.
This evolution transforms the CISO from a cost center focused on protection to a strategic partner, delivering measurable results and enabling mission outcomes.
Discover the Path Forward
In a new Maverick research report, Gartner® explores this impending transformation and outlines the decisive actions CISOs must take to avoid obsolescence. This report delivers a clear roadmap for redefining your role around resilience and value creation.
Prepare for a future where leadership expects more than just protection. Download the complimentary Gartner® Maverick research report to learn how to transform your role and secure your value to the business.
Gartner, Maverick Research: CISOs Must Transform Their Role or Become Obsolete, 19 June 2025, By Will Candrick.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
