From Compliance to Resilience: How CISOs and GCs Can Lead Together

Sep 29, 2025


Over the last twenty years, technology has gone from being a support function to the most important part of business. Corporate ecosystems are now completely digital, highly interdependent, and increasingly regulated. Because of this change, cyber risk management and compliance are now top priorities for the board.

This shift has reshaped the jobs of both Chief Information Security Officers (CISOs) and General Counsels (GCs). Their worlds are converging, with shared duties in risk management, regulatory compliance, and keeping operations running smoothly.

We at Dess Digital think this partnership is very important for good governance. By using secure, collaborative platforms like Dess Digital Meetings, CISOs and GCs can work together better, communicate with the board more easily, and have a bigger impact on the organization’s resilience.

The changing roles of CISOs and GCs:

CISOs: From technical guardians to strategic advisors

The modern CISO is more than just a tech expert. Boards expect CISOs to talk about cyber issues in terms of how they affect the business, how much money they can save, and how to protect revenue. CISOs gain influence as strategic advisors, not just security enforcers, when they speak the language of the boardroom.

GCs: From giving legal advice to being tech partners

GCs used to be concerned mostly with contracts and compliance, but they now play an important part in understanding technology and supporting investments in cybersecurity. Because they can interpret regulations and put risk in context, they help connect security strategy and legal responsibility. Together with CISOs, GCs give a full, balanced picture of risk.

Increasing regulatory pressure and board accountability

Boards carry more responsibility now that regulations such as NIS2 and DORA place greater emphasis on operational resilience and cyber oversight. Directors want more detailed reports, clearer action plans, and sharper insights.

This change puts CISOs and GCs in the spotlight. They have to not only protect the company but also help the board navigate a regulatory environment that is becoming more and more complicated. 

Ways to improve collaboration between the CISO and the GC

Even though their jobs often overlap, many CISOs and GCs still work alone. To improve teamwork, leaders should focus on three main areas:

1. Build transparent, trust-based relationships
Open communication and mutual understanding are the foundation. Embedding legal and cybersecurity teams together, sharing incident responses, and aligning terminology foster trust that pays off in crisis situations.

2. Conduct regular joint briefings 
CISOs and GCs should exchange perspectives on identified risks regularly. Where the CISO highlights emerging cyber threats, the GC adds legal and organizational context. This shared view ensures decisions are aligned with both resilience and compliance.

3. Partner on compliance and due diligence 
Regulations shouldn’t be viewed as hurdles but as opportunities to strengthen governance. CISOs can bring technical insights into strategic moves like acquisitions, while GCs ensure compliance frameworks are airtight. Together, they make a powerful case for investments in resilience and demonstrate maturity to external stakeholders.


Strengthening cyber resilience: The CISO-GC advantage 

By collaborating closely, CISOs and GCs can not only protect their organizations but also elevate their own strategic influence. In a world where every company is a tech company, their partnership ensures that governance, security, and compliance move in lockstep.
 
With Dess Digital Meetings, boards, CISOs, and GCs can manage these responsibilities with clarity and confidence, enabling secure collaboration, transparent reporting, and smarter decision-making at every level.