惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
AI
AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog
T
Tenable Blog
L
Lohrmann on Cybersecurity
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
T
Threatpost
AWS News Blog
AWS News Blog
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
J
Java Code Geeks
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Cisco Blogs
F
Full Disclosure
Jina AI
Jina AI
Engineering at Meta
Engineering at Meta
I
InfoQ
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
C
CERT Recently Published Vulnerability Notes
Last Week in AI
Last Week in AI
P
Privacy International News Feed
Scott Helme
Scott Helme
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
D
Docker
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
Y
Y Combinator Blog
T
Tor Project blog
V
Visual Studio Blog
Spread Privacy
Spread Privacy
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
Google Online Security Blog
Google Online Security Blog
C
Check Point Blog
爱范儿
爱范儿
N
News and Events Feed by Topic
博客园 - 【当耐特】
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main

WhatIs

Strategic IT outlook: Tech conferences and events calendar | TechTarget 8 AI use cases in manufacturing Enterprises are making an AI native transformation Zero trust in the IT ops stack: Securing hybrid workloads How algorithmic value sets enhance clinical decision-making Top methods for collecting customer feedback Build a data governance team that delivers results How to calculate the total cost of ownership of ERP software Communities call for transparency in AI data center deals Scalable IT infrastructure: Balancing speed with stability How health systems are tackling 'Kill the Clipboard' obstacles Understanding the science behind AI-based hiring assessments Tape's strategic role in modern data protection How to choose an HR software system in 2026: A complete guide The UC stack gets the policy job Top zero-trust use cases in the enterprise 13 top IT infrastructure conferences in 2026 SNMP vs. CMIP: What's the difference? 3 essential network analytics use cases AI Security Risks Force CIOs to Rethink Strategy Red Hat Summit 2026 news and conference guide | TechTarget What is HR technology (human resources tech)? Understand, optimize and track customer journey touchpoints Should IT use Apple Business Manager without MDM? Build and organize an effective machine learning team The storage modernization imperative in a fast-changing IT landscape Procurement automation use cases for CSCOs to consider 3 steps for health system leaders to drive patient safety culture What is DevOps? Meaning, methodology and guide Enterprises Face New Storage Bottlenecks as AI Grows A guide to Intune Suite licensing for endpoint management Epic controls 42% of the US EHR market. Does that help or hurt interoperability? SAP Sapphire 2026 news, trends and analysis | TechTarget How to develop a data governance strategy: 7 key steps 12 generative AI tools for marketing and sales teams Top 9 smart contract platforms to consider in 2026 Top 8 e-signature software providers for 2026 Rise with SAP vs. S/4HANA Cloud: What are the differences? How businesses use KPIs to measure AI's performance 5 clues your network has shadow AI How do digital signatures work? Collaboration security and governance must be proactive Compare SAP greenfield vs. brownfield approach for S/4HANA Merck, Home Depot tap Gemini Enterprise for AI agent development Rural challenges may dampen digital healthcare's potential Build an ethical AI framework: 12 top resources The great workload reshuffle: Choices for AI and analytics How to remove a device from Intune enrollment Cisco unveils quantum network advancements 3 BYOD security risks and how to prevent them 10 of the top carbon accounting software 8 trends powering machine learning's dynamic new roles Network engineers must take the lead to push DDI to the cloud How does Microsoft 365 Copilot pricing and licensing work? ONC highlights behavioral health EHR adoption trends, data exchange barriers LLMs struggle with clinical reasoning, study finds Democratizing AI in business: The good, bad and ugly What can organizations do to address BYOD privacy concerns? Fix the service path before you optimize it with AI How AI reshapes upselling in customer experience platforms When collaboration starts becoming operational drag Balancing health AI management with growing vendor sprawl Career cure for AI phobia: Be a beekeeper, not a worker bee 16 top applicant tracking systems for 2026 How a rural community hospital deploys AI to detect heart disease 8 examples of document version control Guide to 30+ sustainability certifications for professionals AI agents are only as smart as the data that feeds them AI could earn trust in transactional work first How to fix keyboard connection issues on a remote desktop How to add and enroll devices to Microsoft Intune 11 DevSecOps best practices to prioritize in 2026 6 key components of a successful data strategy How to enable Copilot in Microsoft 365: A step-by-step guide What CIOs need to know about Meta's proposed CEO AI agent Top AI recruiting tools and software of 2026 How contact centers detect and prevent fraud 10 essential skills for modern contact center agents Beyond the chatbot: Engineering the agentic enterprise AI in business intelligence: How to manage it effectively Why legacy networks are a growing liability Failure is an option as an IT leadership tool How HR can create a successful change management strategy HR AI is becoming a change management story Digital transformation: Balancing speed and governance RSAC 2026 Conference: Key news and industry analysis | TechTarget 8 best practices for a bulletproof IAM strategy 5 customer journey phases businesses should understand 12 top HR software and tool options to consider in 2025 6 contact center trends shaping the future of customer service Contact center monitoring best practices for CX leaders Cloud vs. local backup: Which is right for your organization? 6 steps for when remote desktop credentials are not working How governance maturity affects M&A integration outcomes Inside the push to turn AI agents into suite functionality How should contact centers use AI today? Accenture global health lead on scaling AI in healthcare with governance and intent 10 best free DevOps certifications and training courses in 2026 What is compensation management? What CIOs must know about bossware strategy
6 ways to improve the CIO-CISO relationship in 2026
2026-05-15 · via WhatIs

Casual observers may assume because the CIO and CISO are both technology roles, there's a natural synergy between the two. As a CIO, you know that these observers are incorrect. 

Improving this relationship is key to minimizing risk and reaching company goals. Doing so requires soft skills -- a combination of communication, mutual understanding and engagement across the rest of the C-suite and with other employees. 

Here's a look at the characteristics of the CIO-CISO relationship, the typical reporting structure and ways you can work to improve the relationship. 

The fundamental CIO-CISO relationship

CIOs and CISOs often feel mutual antipathy, which can escalate into outright hostility, to the detriment of the organization. This stems not from the personalities of the people in the CIO and CISO roles, but rather from the fundamental conflict between the two roles. 

Your job is to enable business through technology; the CISO's job is to mitigate the risk introduced by technology. 

In other words, a CIO's job is to say "yes" and the CISO's job is to say "no." 

You can be fired if a technology implementation fails, costs too much or doesn't deliver as promised. A CISO gets fired if the company is breached badly enough, or even indicted by the SEC -- regardless of whether it's their fault. So, a CIO's actions can get a CISO fired. 

CIOs who view that situation from the CISO's perspective may find it easier to reframe both job functions to improve interactions. In the age of AI, this is more important than ever.  

CIO-CISO reporting structure: Actual vs. ideal

One way that many organizations seek to mitigate this natural tension is via reporting structure. You can help advocate for the reporting structure that works best. 

The CISO reporting to the CIO is not ideal: if the boss wants to do something and the direct report doesn't, who's most likely to win? 

The most successful organizations -- as measured by quantifiable metrics, particularly the median total time to contain an incident -- are those in which the CISO reports directly to a business executive, not the CIO. Nemertes' research bears that out. Organizations where CISOs report directly to CEOs tend to see the best security outcomes, but reporting to the chief risk officer, the chief legal officer or the CFO -- basically anyone whose job includes a company-wide assessment of risk, not just technical risk -- is better than the CIO. As CISO face increasing pressure due to AI-driven threats, their responsibilities and profiles are being elevated: seriously considering changing reporting lines to take this into account can significantly benefit businesses.  

To put it in good-better-best terms: It's good to have a CISO, even for a small organization, and even if that CISO reports several layers down in the CIO's organization. It's better to have the CISO report directly to the CIO, rather than several layers down. And it's best if that CISO doesn't report to the CIO at all, but to a business executive. 

Graphic showing that 20% of CISOs think they'd be fired for a breach even if they're not responsible
The responsibility for security breaches falls on the CISO

How to build a good CIO-CISO relationship

Regardless of the reporting structure in your organization, here are five ways you can improve your relationship with the CISO.

1. Treat the CISO as a peer

One way you can create a good CIO-CISO relationship is to treat the CISO as a peer, even if they are a direct report. This might be difficult. Like many people who rise to the CIO level, you may have type-A tendencies, and often want to control every aspect of your organizations. But it is possible to loosen the reins and grant talented colleagues greater autonomy. 
 
There are thousands of small behaviors that color interactions and distinguish between treating someone "as a peer" and "as a direct report." If the CISO reports to you, try to imagine that they don't. Invite them to join you for discussions. Don't issue orders. Make suggestions, not demands. Encourage them to set goals that align with the business, not with what you want. And who knows? The approach might be so effective you'll want to try it with all your direct reports, not just the CISO. 

2. Frame discussions around risk

CIOs oftentimes want to shift the topic of every discussion to technology. As a CIO, you should be reluctant to do that with CISOs. A better tactic is to drive every discussion on the topic of risk, particularly enterprise risk. What enterprise risk is imposed, or mitigated, by what the CISO is discussing? Is it operational, technical or reputational? How likely is the risk and how severe is it? 
 
Assume your CISO has a solid grasp of the technology, or at least that the security team does and has been able to clearly communicate it upward. Try to grant the ownership of risk assessment to the CISO, even though, as CIO, you have likely dealt with risk issues many times in your career. Always remember that if this risk assessment is wrong, it's the CISO who gets fired. 

3. Unite to protect the business against AI threats

AI is redefining cybersecurity threats and changing what it means to be a CISO. Whether the CISO reports to the CIO or not, it is more imperative than ever that CISOs and CIOs are true allies in their fight against AI-driven cyberattacks.  

In practice, this means acknowledging that AI governance is a shared priority and openly addressing the skill set changes needed to protect enterprises from AI threat actors and other risks. Honest conversations may need to be had around how any tensions between CIOs and CISOs are thawed, and strategies for fighting AI need to be agreed on and executed together. Having open lines of communication to stay abreast of the developments in AI-driven risks is crucial.  

4. Engage the CISO and security team

This may sound obvious, but it's surprising how often CISOs or their teams will tell me that major decisions have been made by the CIO or technology team without letting the CISO know. It's such a common scenario, in fact, that Nemertes has created a maturity model around it.

Strive to position yourself and your team at that fourth level of maturity. It prevents the need for drastic course corrections downstream and helps integrate and align the IT and cybersecurity strategies.

5. Arrange informal and formal interactions

If you've read this far, you may be making a note on your to-do list that reads something like: "Schedule regular briefings with CISO and team to keep them appraised of our major initiatives."

Yes, absolutely, you should do that. Formally scheduling something is an excellent way to ensure it gets done.

But don't neglect the impact of less-formal, less-structured interactions as well. One Canadian CISO of my acquaintance used to host what he called "Timbits Tuesdays." For those south of the border, Timbits are scrumptious donut holes made by Canadian institution Tim Horton's. My friend would bring a couple bags of Timbits along with hot coffee to kick off a Tuesday-morning get-together with no fixed agenda. It was often the most valuable meeting of the week.

In this online, work-from-home environment, Timbits Tuesdays might not work. But there are plenty of ways to recreate the informal vibe over a video link. For example, have different members of the IT team present topics that interest them -- while wearing silly hats. Fostering connection is also an important way to help your team reduce stress, which should be a concern for all leaders.

6. Craft consistent business cases

One final way to improve the CIO-CISO relationship is to work harmoniously to craft business cases that take into account each other's technology investment strategies. 

If you are proposing a major ERP upgrade, for instance, you should include funding for technologies to keep that upgrade secure and justify why that technology investment is important. And when the CISO puts in for a software-defined perimeter, he or she should track the benefits in the form of reduced trouble tickets, increased employee satisfaction and the like. 
 
In other words, CISOs and CIOs should work together with unified budget planning where possible -- whether they're in the same reporting structure or not -- to ensure that business cases consistently account for the costs and benefits of technology investment. 

About the author
Johna Till Johnson is CEO and founder of Nemertes Research, where she sets research direction and works with strategic clients.

Harriet Jamieson is a senior manager on the IT Strategy team at TechTarget.