CISOs: Internal Conflicts Cause More Chaos Than Cyberattacks
Tension between security executives and organizational leaders can be destructive, especially during crisis response. In a recent survey, roughly 70 percent of U.S. senior cybersecurity leaders said internal conflicts during a crisis cause more problems than the cyberattack itself.
Despite ongoing and significant investments in cybersecurity tools and talent, “CISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response,” according to the Cytactic 2025 State of Cyber Incident Response Management Report. “Blurred authority and shifting responsibilities frequently delay response efforts, creating more disruption than the attackers themselves.”
Misalignment during incident response brings key players—including legal, communications, and executives—to the table too late, causing internal friction, the report found. This can also result in significant delays; 41 percent of senior cybersecurity leaders said they have delayed response actions during a crisis due to uncertainty about who had final authority.
Confidence in leadership structure is uneven, too; 90 percent of respondents feel sure their teams know who’s in charge during a crisis, but 54 percent report that who makes decisions often changes mid-incident. Although plans might clearly define responsibilities, execution often deviates, said 86 percent of cybersecurity leaders.
The “translation time” between legal, communications, and tech teams also causes delays, said 86 percent of respondents.
Boards of directors are also underprepared for cyber crisis response; 83 percent of cybersecurity leaders said boards underestimate the pace and intensity of breach response.
“In a cyber incident, hesitation is one of the most dangerous factors that impacts the outcome of an impact,” said Tim Youngblood, CISSP, CISO for Astrix Security, in the report. “The real bottleneck is often our own ability to respond quickly and decisively. Too often, decision-making stalls because information did not reach the right people in time, or because ownership and responsibilities are unclear.”
The role of CISOs during cybersecurity incident response is also changing, leading them to require more executive skills, the report found.
“While containment and incident response remain core, CISOs now know that their executives prioritize clear updates and expect them to lead communication strategy,” the report said. “Their value lies in translating cyber risks into business impact, on revenue, reputation, and operations, rather than technical metrics.”
What will organizations expect CISOs to handle during cybersecurity incidents by 2027?

| Expected responsibility | Share of respondents |
| --- | --- |
| Provide executive-level updates | 70 percent |
| Lead incident response | 68 percent |
| Ensure regulatory compliance | 61 percent |
| Oversee technical containment | 60 percent |
| Manage communication strategy | 56 percent |
| Coordinate with legal teams | 49 percent |
| Engage with external partners | 49 percent |
The Cytactic report findings echo previous research about disconnects between senior leaders around security. Two in five CIOs (39 percent) reported being misaligned with their CEO on key decision-making, according to Netskope’s report, Crucial Conversations: How to Achieve CIO-CEO Alignment in the Era of AI. More worryingly, 31 percent of CIOs aren’t confident they know what their executive really wants, and 34 percent don’t feel empowered to make long-term strategic calls.
But what do CEOs really want? They have a tall order for senior information and security leaders: be technically expert but focused on business outcomes, stay future-facing but concerned with today’s priorities, be collaborative across the business without domineering or stepping on the toes of other departments, and be visionary and strategic but also hands-on and detail-oriented. CIOs must navigate those paradoxes while responding to a growing number of cybersecurity incidents and a rapidly changing technology landscape.
The research found that “CEOs expect their CIO to lay out the options, the risk levels, and the trade-offs, so decisions are made confidently and in advance of the crisis,” says Mike Anderson, chief digital and information officer at Netskope. “When risk becomes a shared conversation rather than a surprise, incident response becomes coordinated rather than chaotic.”
CIOs are trying to shift their focus to broader strategic priorities outside of IT, but only 34 percent say they are actually managing to do so. Meanwhile, 40 percent of CIOs said they need to be more aware of business strategy and objectives today than they did in the past, and 37 percent think that technology expertise is now less important than business strategy and stakeholder management, the Netskope report said.
CEOs want their CIOs to help explain and justify the right approach to managing cybersecurity risks, but this requires CIOs to communicate in plain and non-technical terms, the report added.
“Having an open dialog on impact if an incident applied to your company or not is a good place to start,” adds James Robinson, CISO at Netskope. “This plays into the ‘never waste an incident’ saying most CIOs/CISOs know, however many do not leverage outside, non-applicable incidents. Moving the conversation from fear, uncertainty, and doubt to reality is key, and by outlining the impact in business terms, sharing how the areas where the risk would have applied, and the impact in hours, dollars, or failed service delivery can better support the conversation.”
ASIS Resources
If you need some additional resources on how to communicate about business value around cybersecurity, technology investments, and incident response, check out these ASIS and Security Management resources:
ASIS Upskill
Certificate Programs
- Essentials of Crisis Management
- Essentials of Enterprise Security Risk Management (ESRM)
- Essentials of Convergence: Bridging the Gap Between Physical Security and Cybersecurity
Security Management Content Packages
- Cyber Incident Response
- Soft and Executive Skills
- Change Management and Leadership
- Effective Metrics and Storytelling
- Crisis Management and Resilience
ASIS Security Issues Research and ASIS Foundation Research
- Operational Resilience: The Critical Contribution of Security to Operational Resilience
- Security Incident Management in 2025: Research on How Security Professionals Prepare for, Respond to, and Recover from Security Incidents