Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself.

“CISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response despite major investments in tools and talent,” concludes the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, based on a survey of 480 senior US cybersecurity leaders. “Blurred authority and shifting responsibilities frequently delay response efforts, creating more disruption than the attackers themselves.”

But analysts and security specialists say much of the problem stems from alignment and perception issues that have taken hold well before cyberattacks require all-hands response, such as the incorrect belief that everything a CISO proposes slows down operations, making it harder to achieve revenue targets.

Security experts advise CISOs to consider such perception problems when setting security strategies and communicating cybersecurity’s value to colleagues and the board. For example, by emphasizing authentication behavioral analytics and other forms of passwordless protections, CISOs can show how their approaches deliver better protections with less friction, thereby helping lines of business (LOBs) to do their jobs securely and without unnecessary end-user effort.

Jeff Pollard, a vice president and principal analyst at Forrester, says another factor that undermines CISO-LOB and CISO-CEO relationships is the way that enterprise compensation is determined, a process that unintentionally sets CISOs on a collision course with LOB execs, the CEO, and the CFO.

“Think about the CEO and the LOB executives. They all have a P&L because they run a line of business. The vast majority of CISOs, however, have a budget but no P&L. That is a drastic difference,” Pollard says, adding that this common situation makes the CISO’s department look like just a cost center.

To fix that disconnect, Pollard says, CISOs must remind their CEO and LOB colleagues — loudly and often — that security initiatives indeed deliver revenue, market share, and customer retention.

“Every single customer that is rolling into those lines of business” are “filling out third-party risk management questionnaires and they are looking at audits,” Pollard says. “What CISOs are failing to do is showcasing that fact by saying things like, ‘When we bought that tool, it was not because we were bored. It was because one of your customers was asking, “Hey! What are you doing about web attacks on services from you that we use?”’”

Pollard continues: “That’s where CISOs help with revenue. It’s because somewhere there is a customer — and probably a big one — who wanted it.”

Pollard advises security leaders to tell their CEOs and business colleagues, “‘I am not introducing friction. I am delivering what our customers are forcing us to do.’ Showcase the reason why you are doing what you are doing. ‘Because it’s your customers who are asking for these things.’”

Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, a directory of former government and military specialists, argues that the differing approaches of a company’s executives should also be spun as a good thing.

“You want to have the conflict. The different incentives and motivations and expertise allow different ways of thinking about the company and finding ways to make it successful,” Levine explains. “The first thing is to not see that conflict as the problem.”

CJ Dietzman, senior vice president at Alliant Insurance Services, says CISOs also need to focus on what every LOB needs and try to address that. In other words, put the business first and address cybersecurity within that context. If CISOs can help their LOB exec colleagues deliver to their targets, cybersecurity will have their loyalty and support — which will go a long way toward easing internal tensions when a cyber crisis arises. 

“Know your business, CISO,” Dietzman says. “You should never lead with cybersecurity.”
