– Over half (57%) of CISOs report an increased risk appetite, with 49% indicating a healthy risk tolerance.
– A third of CISOs find their CEOs to be more risk-averse, with 32% working with CEOs who have a low risk appetite.
– 92% of CISOs experience tension with the C-Suite due to differing risk attitudes.
– 66% feel they are “walking a tightrope” between business desires and security necessities.
Bangalore, India. June 28, 2024 — Netskope, a leader in Secure Access Service Edge (SASE), has published global research revealing how changes in the cyber threat landscape are reshaping Chief Information Security Officers’ (CISOs) evaluation of business risk appetite. The study found that 92% of CISOs report tensions with their CEO and other C-suite members, with two-thirds (66%) feeling they are balancing business demands with security considerations.
Surveying over 1,000 CISOs worldwide, the research explores the evolving role of CISOs as strategic executive team members. Contrary to the stereotype of risk-averse CISOs, only 16% of respondents currently have a low risk appetite. Many CISOs view their CEOs as more risk-averse, with 32% perceiving their CEOs as having a low risk tolerance.
Key findings include:
– Over half of CISOs (57%) have seen their risk appetite increase over the past five years. This shift may be influenced by the growing complexity of cyber threats, with 74% citing firsthand cyber incident experiences as crucial in shaping their risk comfort levels.
– Improved access to data and analytics (76%) is the primary reason for the shift in risk appetite.
– Two-thirds of CISOs (65%) now define their role in terms of enhancing business resilience rather than merely managing cyber risk.
– However, 23% of CISOs strongly agree that other C-suite members fail to recognize the role of CISOs in facilitating innovation.
**The Progressive CISO**
The research highlights a shift towards a more proactive and progressive CISO role, driven by modern technology adoption:
– Only 36% of CISOs see themselves primarily as protectors of the organization.
– In contrast, 59% view themselves as business enablers, with 67% aspiring to play a more active role.
– 66% wish they could agree to business requests more frequently.
James Robinson, Netskope’s CISO, noted that CISOs are eager to enable innovation while protecting the business. He emphasized the importance of understanding business challenges and aligning security strategies with them, rather than imposing security measures based on perceived C-suite risk appetite.
Steve Riley, Field CTO at Netskope, added that the evolving business technology and cyber threat landscape is encouraging CISOs to adopt a progressive mindset. However, the broader C-suite is not always prepared for CISOs to step beyond their traditional protective role. Security leaders need to guide their colleagues through this transition, demonstrating how concepts like zero trust support balanced security and productivity strategies.
The research, conducted by Censuswide on behalf of Netskope, interviewed 1,031 CISOs across the UK, North America, France, Germany, and Japan, covering sectors such as healthcare, retail, finance, and industry.