Until recently, most security leaders were C-level in title only, proxied away from the executive leadership team and board of directors by reporting to IT leaders: CIOs, vice presidents, or IT directors. This report segments security leader reporting structures into three groups: IT, CEO-aligned, and risk-aligned using Forrester’s Security Survey, 2022. Reporting to the CEO unlocks security’s ability to contribute meaningfully to the company’s strategic objectives and leads to a better culture on security teams. Security leaders can use this report to compare how reporting structures impact security programs to make the argument that they should report directly to the CEO.