CISO role first appeared in 1995, and its duties have changed over the years as CISOs have become more common in enterprises. IT has evolved into a highly siloed function, which means very few IT shops have someone sitting at the top who has comprehensive knowledge of all systems and how they interact. Security teams have the security requirement, but it’s generally the IT operations teams that have the responsibility for it. Gaining visibility into the infrastructure whether it involves assets, network identities, or applications and services requires a unified, holistic approach. An enterprises security posture is created by the security program that is built on top of the core IT infrastructure.”]
Source: https://www.darkreading.com/careers-and-people/why-cios-should-be-reporting-to-cisos