
38% of CISOs Fear They’re Not Moving Fast Enough on AI

CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.


Sarah Gooding

February 4, 2025


As artificial intelligence (AI) continues its rapid evolution, cybersecurity leaders find themselves balancing AI’s potential as a security force multiplier against its growing use by cyber adversaries. Splunk’s latest CISO Report 2025 highlights the evolving relationship between CISOs and their boards, with AI emerging as a major theme in security strategy, risk assessment, and investment decisions. The report is based on feedback from 600 respondents in 10 countries across the U.S., Europe and Asia-Pacific, including ~500 CISOs, CSOs, or equivalent security leaders and 100 board members.

The Evolving Role of the CISO in 2025

The role of the CISO has transformed significantly in recent years, shifting from a primarily technical function to a strategic business leadership position. More CISOs are now reporting directly to the CEO, with 82% holding this reporting structure in 2024 compared to just 47% in 2023. This shift highlights the increasing importance of cybersecurity in overall business strategy.

However, this new responsibility comes with challenges. Only 8% of board respondents said CISOs exceed expectations, indicating that despite their elevated status, many security leaders still struggle to align with business goals. As cyber threats grow more sophisticated, CISOs must not only manage security but also communicate risk in a way that resonates with executives and board members.

Using AI to Accelerate Defense in Cybersecurity

One of the most striking findings in Splunk’s report is that 53% of CISOs believe AI will give attackers a slight or significant advantage. While this figure has dropped from 70% in 2023, the concerns remain valid, with top AI-driven threats including highly realistic phishing attacks (57%), new malware strains that can evade cybersecurity (44%), and adaptive social engineering tactics (40%).

At the same time, security teams recognize AI’s defensive capabilities. CISOs see AI as a powerful tool for malware analysis, threat detection, and alert enrichment, with 47% already using it for these purposes. Other applications include security software configuration (39%), creating threat detection rules (32%), and proactive threat hunting (30%).

CISOs Grapple with the Urgency of AI Adoption

Even with AI’s vast potential to radically transform cybersecurity operations, 38% of CISOs worry that they are not adopting AI quickly enough to stay competitive. Boards appear more optimistic, with 24% stating they are already using AI for cybersecurity, while 41% have immediate plans to implement it within the next year. This gap between security leaders and executives highlights a growing tension—CISOs know the risks AI introduces, but they also recognize the necessity of leveraging it to improve security posture.

Bridging the Budget Gap for AI Investments

For many CISOs, securing AI-related investments is a challenge. Only 29% of CISOs believe they receive adequate cybersecurity budgets, compared to 41% of board members who feel current spending levels are sufficient. Given AI’s potential to enhance threat detection and incident response, persuading boards to prioritize AI investment is becoming a crucial skill for security leaders.

To effectively make their case, CISOs are learning to frame security as a business enabler rather than just a cost center. Splunk’s report reveals that boards are most convinced by arguments that position security in terms of business growth (64%) and cost avoidance, such as reducing downtime (46%).

Regulatory Pressures Are Mounting

Beyond AI, regulatory scrutiny on CISOs is intensifying. Compliance obligations are becoming more personal, with 21% of CISOs admitting they have been pressured not to report a compliance issue. However, 59% stated they would act as whistleblowers if their organizations ignored compliance requirements. This growing liability landscape adds another layer of complexity to AI adoption, as organizations must ensure transparency and governance around AI-driven security decisions.

The Future of AI in Cybersecurity

This report shows that the role of the CISO is undergoing rapid transformation, with AI playing a pivotal role in both security defenses and adversarial threats. While CISOs recognize AI’s potential, they face hurdles in budget negotiations, governance, and adoption speed.

More than 65% of CISOs are actively training their security teams in prompt engineering, while 56% are defining protocols to determine which tasks should be automated by AI and which require human oversight. These efforts signal a shift toward embedding AI into the core of security operations, with CISOs aiming to use AI not just as a defensive tool but as a proactive mechanism to stay ahead of emerging threats.

The challenge moving forward will be ensuring AI-driven security strategies align with business priorities and regulatory requirements. For organizations that can successfully navigate these challenges, AI puts them light years ahead of those still relying on manual processes that struggle to keep up with the speed, scale, and sophistication of modern cyber threats.
