broader security responsibilities such as physical security and fraud, and general IT responsibilities such as networking and IT infrastructure. The scope of responsibilities is broadening the most among the smaller companies in the IANS survey. For example, CISO ownership of IT stack functions is relatively common at firms with $100 million in annual revenue or less but rare in billion-dollar enterprises. According to the IANS data, 57 percent of CISOs at firms with $100 million or less in revenue oversee all or part of the IT stack, including more than half who are responsible for networking, IT compliance, IT operations and infrastructure. “These differences reflect the resource dynamics between small and large organizations: smaller firms often consolidate roles for efficiency, while larger companies allow CISOs to focus on core security strategy and leadership,” said IANS researchers. Partners and providers looking to leverage CISOs’ newfound influence within buying circles can start by empathizing with the challenges and frustrations that come with their broadening roles. After all, a quarter of CISOs reported that their scope of responsibility is not consistently manageable, while an additional 28 percent said outright it is no longer tenable. Top concerns related to expanding scopes include teams that are too lean for organizational size and complexity, new mandates that are made without new resources, ambiguous reporting lines, inheriting broken systems and teams that must operate in constant triage mode. According to CISOs surveyed by Splunk, areas that need the most help within their security programs are threat hunting, engineering support (for vendor tooling, detection engineering or maintenance), software development, and network and cloud architecture. “These gaps are especially painful to CISOs as they undermine the ability to address their top challenge, the growing sophistication of threat actor capabilities, and their top priority, improving threat detection and response,” said Splunk researchers. While they navigate their rapidly expanding roles at the executive level, CISOs and their teams also are withstanding an onslaught of alerts. A full 98 percent site “high alert volume,” as a driver of stress, while 94 percent likewise list the high false alert volume. “This isn’t just a nuisance; it’s a crisis of context, where critical insights and real threats get buried under a mountain of noise,” said Splunk researchers. “It’s difficult to prioritize alerts when everything feels urgent.” About 80 percent of responding CISOs view tool sprawl as a source of stress, as well, calling into question solution providers who simply want to throw more products at security teams. When asked to identify the greatest threats to executing their cybersecurity strategies, CISOs expressed a dual challenge. Externally, they confront increasingly sophisticated threat actor capabilities. “Gone are the days of obvious phishing emails filled with bad spelling and grammar. Today’s attacks are far more bespoke and convincing,” said Splunk researchers. Internally, they must orchestrate and manage budget, talent and executive buy-in to mount their defense. Executive-level CISO, in particular, must now more than ever translate the complex and often chaotic world of cybersecurity into clearcut business value, Splunk’s data suggested. Low cybersecurity fluency among other C‑suite leaders is the most significant hurdle to crossdepartment collaboration, named by 85 percent of respondents. In other words, while CISOs recognize value in these partnerships, cyber knowledge gaps create tension. “They’re asked to prove worth, justify investments and demonstrate progress to a board and C-suite that require clarity, but don’t always understand technical nuance,” said Splunk researchers. Historically, cybersecurity has been seen as a cost center, but CISO are now beginning to frame it as a business enabler. According to Splunk CISO Michael Fanning, “CISOs shouldn’t expect leadership to inherently understand security’s value. We have to showcase it – proactively.” Partners and providers that can help CISOs traverse this communications gap will no doubt be rewarded. o CISO C-Suite Collaboration Obstacles Low cybersecurity fluency among non-technical executives 85% Risk appetite misalignment 71% Lack of shared understanding of security’s role in business success 66% Lack of integrated workflows with other teams 31% High data volumes and related costs 28% Source: Splunk CISO survey, 2026 CISOs’ Biggest Obstacle to Security Strategies Sophistication of threat actor capabilities 95% Pace of technology advancements 89% Shifting regulatory requirements 76% Talent shortages 47% Budget availability 42% Source: Splunk CISO survey, 2026 29 SPRING 2026 | CHANNELVISION
RkJQdWJsaXNoZXIy NTg4Njc=