-
Over half (57%) of CISOs report increasing cyber risk appetites, with 49% reporting a good risk appetite.
-
A third of CISOs see their CEOs as much more risk-averse than themselves, with 32% reporting working with a CEO who has a low-risk appetite.
-
92% of CISOs report differing attitudes toward risk that are causing tension with the wider C-Suite.
-
66% describe themselves as ‘walking a tightrope’ between what the business wants and what makes sense from a security perspective.
Bangalore, India. June 27, 2024: Netskope, a leader in Secure Access Service Edge (SASE), today published new global research that finds that shifts in the cyber threat landscape have changed the way today’s Chief Information Security Officers (CISOs) evaluate their businesses’ risk appetite. Specifically, 92% of CISOs report that these changes are creating tensions with their CEO and other members of the C-suite, and two-thirds (66%) say they are “walking a tightrope” between what the business wants and what makes sense from a security perspective.
The research surveyed more than 1,000 CISOs around the world to explore the evolution of the CISO role as a strategic member of the executive team. Contradicting legacy stereotypes of the CISO as inherently risk-averse, only 16% of today’s CISOs classified their current risk appetite as low. In fact, CISOs see their CEOs as much more risk-averse than themselves, with twice as many respondents (32%) perceiving their CEO as having a low risk appetite.
Other findings expand upon the changing role of the CISO:
- Over half of the CISOs who participated in the research (57%) said their appetite for risk has increased in the last five years. This may be despite the increasing volume and sophistication of cyber threats, or because of it: 74% state that a first-hand experience of a cyber security incident was important in impacting their risk comfort levels.
- Better access to data and analytics (76%) was the top reason given for their shift in risk appetite.
- Two-thirds of CISOs (65%) now describe their responsibility in terms of improving business resilience rather than managing cyber risk.
- However, 23% of participating CISOs strongly agree that other members of the C-suite currently fail to see that the CISO role makes innovation possible.
The rise of the progressive CISO
Two-thirds (65%) of CISOs surveyed believe the CISO role is changing rapidly, and they report becoming more proactive and progressive, a trend driven by the adoption of modern technology that creates new possibilities for driving innovation and business impact.
- Just 36% of CISOs see themselves as playing a “protector” role primarily focused on defending the organization.
- In contrast, 59% of CISOs now consider themselves to be business enablers, with 67% stating that they want to play an even more active role going forward.
- 66% wish they could say “yes” to the business more often.
James Robinson, Netskope’s own CISO, commented:
“The research makes it clear that CISOs are generally hungry to play a more proactive role that enables innovation while also protecting the business. In my experience, the best way to make CISOs more proactive partners across the C-suite is to gain a deep understanding of the business challenges C-suite colleagues are focused on solving and align those to security strategies, rather than attempt to assert security strategy—or individual technology choices—based on what is perceived to be C-suite risk appetite.
“Too often, this alignment doesn’t occur among enterprise teams. But CISOs who are able to define the ways in which they are helping their C-suite peers acquire new revenues, drive efficiencies, and navigate regulatory requirements will be recognized as valuable contributors at the highest levels.”
Discussing the research, Steve Riley, Field CTO at Netskope, said:
“With business technology and cyber threats evolving at a faster pace than ever, it is encouraging to see that CISOs are increasingly progressive in their thinking. CISOs clearly no longer feel the need to lock down access completely if it is to the detriment of the business.
“However, our findings show that the wider C-suite is not always ready for CISOs to break out of their traditional role as the protector of the business. To truly enable secure innovation and business transformation, security leaders need to bring their colleagues on the journey with them and help them understand how buzz phrases like zero trust actually contribute to strategies that strike a balance between staying secure and getting work done.”
The research was conducted on behalf of Netskope by Censuswide and interviewed 1,031 CISOs worldwide across five markets (UK, North America, France, Germany, and Japan) in a wide range of sectors, including healthcare, retail, finance, and industry.
Please find the full report, including additional insights into CISOs attitudes toward industry trends, here.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
