CISOs reporting to CEOs can solve numerous cybersecurity problems. CISOs can manage their own budget and respond faster to market conditions when given more autonomy. And yet, only 21% of European CISOs (or senior-most information security decision-makers) report to CEOs and 40% still report into CIOs. Europe is falling behind other regions in promoting CISOs to the executive level, where security gets more attention and focus. With the upcoming NIS2 Directive, reporting lines need to be reviewed to alleviate pressure on CIOs and allow boards to demonstrate they are sufficiently managing their cyber risk.