Only 30% of boards describe their relationship with the CISO as strong and collaborative. 

BOSTON, March 3, 2026 /PRNewswire/ -- New data from IANS, Artico Search, and The CAP Group finds that while cybersecurity reporting to boards of directors is now commonplace, many boards and CISOs are more focused on compliance than on important strategic dialogue during those sessions. This could leave boards with a lack of visibility into important future issues and at risk of weak oversight amid an increasingly critical and complex set of threats. 

The 2026 Benchmark Report: How Boards are Partnering with CISOs finds that 95% of CISOs deliver regular updates to their boards, signaling a mature reporting cadence. However, the depth of board engagement varies, mainly limited to "listening" and "receiving," without digging deeper into threats and business impacts. As an example, while 82% of board directors consider CISOs' reporting on regulatory trends to be satisfactory or excellent, only 47% of directors feel that way about CISOs' ability to articulate the impact of evolving threats. 

The findings suggest that oversight effectiveness depends less on reporting cadence and more on the depth of the dialogue, and clarity around decision rights.

"Cybersecurity reporting to boards has matured structurally, with time allocated to CISOs becoming much more commonplace, but gaps still remain," said Steve Martano, IANS Faculty and Partner in Artico Search's cyber practice. "The best security presentations drive holistic discussions on cyber risk and business risk. These discussions are driven by a CISO who forms a concise data-driven narrative and fosters discussion and brainstorming around risk tolerance, risk strategy, and cyber/tech risk ROI." 

Key Findings from the 2026 Benchmark Report: How Boards are Partnering with CISOs 

• Cyber risk updates are more transactional than strategic: Boards report strong visibility into current-state risk, program initiatives, and resourcing needs from the CISO. However, nearly half or more also indicate that reporting on the impact of evolving threats (53%) and AI-driven risk (47%) needs improvement, signaling demand for more forward-looking insight.
  
  
• Most boards and CISOs have dialogues but remain "protocol-bound": While boards increasingly recognize cybersecurity as a standing oversight responsibility, deep trust and partnership remain uneven and far from universal. Only 30% of boards describe their relationship with the CISO as strong and collaborative. 
  
  
• Updates are frequent, but airtime is limited: Most boards and CISOs have established access--95 % of CISOs provide regular updates to the board, with 60% engaging with the full board. But their time is short--roughly 30 minutes--and for 35% of boards, the CISO's security updates are limited to committee discussions. 

"What we're seeing is that while boards are consistently informed, many are still working to translate cyber reporting into strategic decision-making," said Nick Kakolowski, Senior Director CISO Research at IANS. "Directors want clearer insight into what's coming next, particularly as AI reshapes both the threat landscape and enterprise risk." 

The board report data also emphasizes AI as a key governance issue.

"AI is now a primary driver of cyber risk—both enabling more sophisticated attacks and introducing new forms of loss as AI models become high-value assets. AI and cybersecurity are inextricably linked, and boards must understand the business risks of both," said Brian Walker, CEO at The CAP Group.

Download the Reports
The 2026 Benchmark Report, How Boards are Partnering with CISOs is now available for download and provides actionable guidance for directors seeking to strengthen cyber risk governance.

A companion CISO-focused version, CISO-Board Engagement, is also available, offering practical recommendations for CISOs to improve board communication, increase strategic influence, and strengthen alignment with directors.

Methodology
The board-focused report draws on a December 2025 CISO-board engagement survey of 17 board directors representing public, private and nonprofit organizations, as well as the 2025 IANS CISO Compensation and Budget Survey, with responses from 663 CISOs across North America.

About IANS
IANS helps cybersecurity leaders act faster and make better decisions by providing expert insights and actionable guidance from more than 170 experienced practitioners, proprietary benchmarking data, content-rich events, peer-to-peer information-sharing opportunities, and customized consulting services. Learn more at www.iansresearch.com.

About Artico Search
Founded in 2021, Artico Search's team of executive recruiters focuses on a "grow and protect" model, recruiting senior go-to-market and security executives in growth venture, private equity and public companies. Artico's dedicated security practice delivers CISOs and other senior-level information security professionals for a diverse set of clients. Learn more at www.articosearch.com.

About The CAP Group
The CAP Group is a specialized advisory firm serving the unique needs of directors and officers. They provide strategic expertise on navigating the challenges and opportunities of cybersecurity and artificial intelligence. Learn more at www.cap.group. 

Media Contact:
Angelique Faul
Silver Jacket Communications
513.633.0897
409917@email4pr.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/new-report-reveals-key-gaps-in-board-ciso-strategic-dialogue-on-cyber-risks-302701989.html

SOURCE IANS