WHITE PAPER
OCTOBER 2025

Contents

Foreword
Executive summary
Introduction
1.2 The diversity of the CISO role
2 Recommendations for CISOs and top leadership
2.1 The evolving responsibilities of the CISO
2.2 What can CISOs do to make the case for cybersecurity as a business imperative?
Conclusion
Contributors
Acknowledgements

Disclaimer

This document is published by the World Economic Forum as a contribution to a project, insight area or interaction. The findings, interpretations and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum, nor the entirety of its Members, Partners or other stakeholders.

©2025 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.

Foreword

Sabrina Feng, Chief Risk Officer, Technology, Cyber and Resilience, London Stock Exchange Group (LSEG); Co-Chair, World Economic Forum CISO Community

Akshay Joshi, Head, Centre for Cybersecurity, Member of the Executive Committee, World Economic Forum

Christophe Blassiau, Senior Vice-President and Group Chief Information Security Officer, Schneider Electric; Co-Chair, World Economic Forum CISO Community

In today’s digitally interdependent world, the role of the chief information security officer (CISO) is more critical and complex than ever. Security leaders must navigate geopolitical volatility, technological disruption and systemic cyber risks, all while building trust and driving innovation.

This white paper, shaped by the World Economic Forum’s global CISO community and grounded in real-world experience, offers a practical view on elevating cybersecurity within an organization through the analysis of the CISO role.
It highlights how organizations can transform cyber risk into resilience and convert trust into sustainable value creation.

Cybersecurity is now a core business imperative. The CISO’s remit extends far beyond technical defence: it involves translating global shifts into actionable strategies, guiding the secure adoption of emerging technologies – such as AI and quantum computing – and building resilient ecosystems with partners, regulators and peers. To succeed, CISOs need more than responsibility and credibility – they need systemic empowerment. Boards and executives must recognize that the CISO role needs a broad mandate.

We urge every leader – whether in the boardroom, the C-suite or the security team – to seize this moment. By redefining the CISO as a strategic enabler, cybersecurity can evolve from a cost centre or compliance exercise into a driver of growth, trust and innovation.

Executive summary

The chief information security officer has become central to the success of the business. Boards and C-suite executives can actively contribute to making cybersecurity a strategic imperative within the organization.

As organizations confront a rapidly evolving and interconnected threat landscape – especially from organized criminal groups and state-sponsored cyber operations, AI-enabled attacks and supply chain vulnerabilities – the role of the CISO is undergoing a profound transformation. Today’s CISO must act as a business strategist, operational risk leader and trusted adviser to executive leadership and boards.

Drawing on insights and engagements with CISOs in the World Economic Forum’s CISO community, this white paper discusses how the position is expanding in scope and influence amid the growing complexity of the cyber landscape, and outlines the key roles CISOs must fulfil to position themselves as strategic enablers.

Boards have a role to play in empowering the CISO to exercise effective leadership and deliver strategic and sustainable impact.
The success of the CISO depends on influence rather than hierarchy. To do this, boards must empower CISOs with a clear, enterprise-wide mandate that recognizes cybersecurity as a fundamental enabler of resilience, trust and long-term value. This white paper also addresses boards and provides them with a set of enablers that help elevate cybersecurity within the organization so that the CISO can develop trusted relationships in both internal and external ecosystems – spanning the C-suite, risk and compliance functions, operational units and government bodies. Elevating cybersecurity is also about strengthening the organization’s overall resilience.

The shift towards positioning cybersecurity as a core business risk has accelerated in recent years. Regulatory frameworks now frequently mandate the appointment of a CISO and define their accountability structures.[1] At the same time, the consequences of cyber incidents – such as operational disruption, reputational damage and erosion of customer trust – have become more visible and severe. However, in the Global Cybersecurity Outlook 2025 survey, almost twice as many su