Artificial intelligence, particularly the emergence of agentic AI, is rapidly reshaping cybersecurity strategy, according to a global report from Splunk, part of Cisco, highlighting the growing pressures facing Chief Information Security Officers (CISOs).
The CISO Report: From Risk to Resilience in the AI Era, based on a survey of 650 CISOs worldwide, reveals that security leaders are operating in an increasingly complex environment where evolving threats, expanded responsibilities and workforce pressures are redefining the role.
The research shows that 95% of CISOs now view the growing sophistication of threat actors as their biggest risk, while 92% say improving threat detection and response capabilities is their top priority. Identity and access management (78%) and investment in AI-driven cybersecurity capabilities (68%) also rank among the most important strategic priorities.
AI is already playing a significant role in strengthening security operations. According to the report, 92% of CISOs say AI enables their teams to review more security events, while 89% report improvements in data correlation. Organisations that have adopted agentic AI (systems capable of taking autonomous actions based on data analysis) are also seeing operational benefits. Nearly four in ten CISOs using agentic AI say it has more than doubled reporting speeds compared with organisations still evaluating the technology.
However, the rise of AI also introduces new risks. Eighty-six percent of CISOs believe agentic AI will increase the sophistication of social engineering attacks, while 82% worry it will accelerate the deployment of malicious persistence mechanisms by threat actors.
Alongside technological change, the report highlights a significant expansion in the CISO’s responsibilities. Nearly all respondents now report overseeing AI governance and risk management, while more than four out of five also manage secure software development initiatives such as DevSecOps.
Despite the growing role of automation and AI, many CISOs believe human expertise remains central to effective cybersecurity. The report finds that organisations are prioritising workforce upskilling, new hires and specialist contractors to address skills shortages.
Workforce wellbeing is also a major concern. Nearly two-thirds of security teams report moderate to significant burnout, driven by high alert volumes, false positives and tool fatigue.
To address these challenges, CISOs are increasingly consolidating security data and collaborating more closely with other C-suite leaders to strengthen digital resilience and demonstrate cybersecurity’s business value.
According to Splunk, the findings underline the evolving role of the CISO as a strategic leader responsible not only for security technology, but also for risk management, governance and organisational resilience in the AI era.
Photo by charlesdeluvio on Unsplash
