Research Article
Dual Positions of Chief Information Security Officer, and Performance of Information Security: Focusing on Information Security Disclosure Data
Chungbuk National University
Published: January 2024 · Vol. 28, No. 1 · pp. 49-63
DOI: https://doi.org/10.17287/kbr.2024.28.1.49
Abstract
In February 2012, the revised “Information and Communication Network Act” introduced an executive-level appointment system for the Chief Information Security Officer (CISO). However, even after a decade, many public institutions and private companies still fail to recognize the significance of the CISO or have Chief X Officers (CXOs) take on CISO responsibilities concurrently, resulting in inadequate performance of CISO duties. This study investigates the impact of the CISO's dual role on obtaining information security certifications by analyzing data from companies that have submitted information security disclosure documents. It also examines whether information security investment and workforce differ depending on the dual role of the CISO. Furthermore, the study explores the CXOs with high rates of dual roles to distinguish their responsibilities and identify any issues that may arise from such dual appointments. The results are expected to help companies strengthen their information security by considering appropriate role allocation, defining roles and responsibilities clearly, and addressing potential problems associated with dual appointments.
