{"id":224348,"date":"2026-06-02T09:03:00","date_gmt":"2026-06-02T13:03:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/02\/turning-tension-into-collaboration-how-cios-and-cisos-can-lead-together\/"},"modified":"2026-06-02T09:05:18","modified_gmt":"2026-06-02T13:05:18","slug":"turning-tension-into-collaboration-how-cios-and-cisos-can-lead-together","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/02\/turning-tension-into-collaboration-how-cios-and-cisos-can-lead-together\/","title":{"rendered":"Turning tension into collaboration: How CIOs and CISOs can lead together"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/turning-tension-into-collaboration-how-cios-cisos-can-lead-together\/821610\/\">Turning tension into collaboration: How CIOs and CISOs can lead together<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/turning-tension-into-collaboration-how-cios-cisos-can-lead-together\/821610\/\">https:\/\/www.cybersecuritydive.com\/news\/turning-tension-into-collaboration-how-cios-cisos-can-lead-together\/821610\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-02 09:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>The relationship between the CIO and the CISO has long been defined by friction. It is often framed as a structural conflict, with CIOs pushing for speed, scale and innovation and CISOs pulling toward control, constraint and cyber risk reduction.<br \/>\nIn practice, this tension is real. But the problem is not that it exists: the problem is how it is managed.<br \/>\nFor many organizations, this dynamic has drifted into something more corrosive. 
Security leaders report feeling pressure to downplay risk, while IT leaders often are perceived as shifting accountability rather than owning it. <\/p>\n<p>These patterns do not just create internal dysfunction. They also expose the enterprise to unnecessary cyber risk, particularly at a time when technology adoption is accelerating and the consequences of misalignment are more immediate and visible.<br \/>\nThe instinct in these situations is often to reduce tension, smooth over disagreements and create harmony. That\u2019s understandable, but it\u2019s also misguided. Cybersecurity is a control function and meant to introduce friction. When there is no tension, it is usually because difficult questions are not being asked or because risk is being accepted implicitly rather than deliberately. The goal is not to eliminate tension; it\u2019s to make it constructive.<br \/>\nEmbracing accountability with CISOs and CIOs<br \/>\nAt its best, constructive tension sharpens decision-making. It ensures that innovation is pursued within defined boundaries rather than at the expense of them. It allows organizations to move quickly without losing sight of what matters most.<br \/>\nFor CIOs, this means innovation does not outpace their ability to manage exposure. For CISOs, it means security remains relevant to how the business actually operates, rather than becoming an abstract constraint.<br \/>\nThe foundation of this approach is clarity of accountability. One of the most persistent sources of conflict between CIOs and CISOs is ambiguity over who ultimately owns risk.<br \/>\nIn practice, shared digital assets, systems, and data sit within the CIO\u2019s domain. That makes the CIO the proxy owner of the risk tied to those assets. The CISO\u2019s role is not to \u201cown\u201d that cyber risk, but to advise, challenge and provide assurance that risk decisions are informed and defensible.<\/p>\n<p>This distinction is subtle but important. 
When accountability is unclear, decisions stall or become politicized. When it is clear, productive tension emerges. The CISO can push back on decisions that introduce unacceptable cyber exposure, while the CIO retains authority to balance risk with business priorities.<br \/>\nCodifying this relationship through formal governance, ideally with executive endorsement, removes ambiguity and sets the stage for more effective collaboration.<br \/>\nCollaborative risk management processes<br \/>\nAccountability alone, however, is not enough. Organizations also need a structured way to make and manage risk decisions together. A collaborative risk management process provides that structure. It allows both leaders to bring forward their perspectives, assess trade-offs and resolve disagreements with defined escalation and exemption mechanisms. Without this, disagreements either linger unresolved or are settled informally, often in ways that favor speed over sound judgment.<br \/>\nAn independent governance layer further strengthens this model: a cybersecurity steering committee, composed of cross-functional stakeholders, can provide a neutral forum to resolve conflicts and arbitrate complex decisions. This body should not, however, be owned by either the CIO or the CISO. That ensures decisions will be more likely to reflect enterprise priorities rather than individual agendas.<br \/>\nUnderlying all of this is the simplest and often most overlooked requirement: consistent dialogue. Regular, structured communication between the CIO and CISO is what turns governance into practice. Weekly conversations about current risks, upcoming initiatives and operational challenges create a shared understanding that prevents issues from escalating unnecessarily. 
More importantly, it builds trust, which is essential when leaders must challenge each other in high-stakes situations.<br \/>\nHow to measure successful CIO\/CISO relationships<br \/>\nSo, after all of this has been implemented and CIOs and CISOs are ready to tackle their new relationship from a different perspective, how do you know if it is actually working?<br \/>\nThere are a few simple ways to gauge success, including:<\/p>\n<p>Measuring the number of cyber risk conflicts between the CIO and CISO being escalated to the cybersecurity steering committee and\/or chief risk officer. A reduced number means more conflicts are being addressed earlier.<br \/>\nMeasuring the number of unacceptable cyber risks tracked through the risk register. A lower number here means the system is working. <\/p>\n<p>The benefits of getting this balance right extend beyond risk reduction. Organizations that manage CIO-CISO tension effectively are able to move faster with greater confidence. Security becomes an enabler of innovation rather than a constraint because it is embedded in decision-making rather than applied after the fact. At the same time, IT initiatives are more resilient because they are shaped with an explicit understanding of cyber risk from the outset.<br \/>\nTom Scholtz is a distinguished VP analyst who advises clients on security management strategies and trends, and is an acknowledged authority on information security governance, security strategy, security organizational dynamics and security management processes. Gartner analysts will provide additional insights for security and risk management leaders at the Gartner Security &#038; Risk Management Summits, taking place June 1-3 in National Harbor, Md., July 22-24 in Tokyo, Aug. 4-5 in Sao Paulo and Sept. 22-24 in London. 
Follow news and updates from the conferences on X and LinkedIn using #GartnerSEC.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Turning tension into collaboration: How CIOs and CISOs can lead together https:\/\/www.cybersecuritydive.com\/news\/turning-tension-into-collaboration-how-cios-cisos-can-lead-together\/821610\/ Publish Date: 2026-06-02&#8230;<\/p>\n","protected":false},"author":1,"featured_media":224349,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/frxo0dvtrYG5168vnxuV8JYjWfJnIG-NiIEP_twNfVI\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMTg3MTc5MTcxLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-224348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224348"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=224348"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224348\/revisions"}],"predecessor-version":[{"id":224350,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224348\/revisions\/224350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/224349"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2
\/media?parent=224348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=224348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=224348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}