Netskope, a Secure Access Service Edge (SASE) company, has released new global research highlighting how the evolving cyber threat landscape is reshaping Chief Information Security Officers’ (CISOs) approach to risk. According to the study, 92% of CISOs report increasing tensions with their CEO and other C-suite members due to these changes, with two-thirds (66%) feeling they are “walking a tightrope” between business demands and security necessities.
The research, surveying over 1,000 CISOs worldwide, reveals a shift in the CISO role towards being a strategic part of the executive team. Contrary to the traditional view of CISOs as highly risk-averse, only 16% currently classify their risk appetite as low. Interestingly, CISOs perceive their CEOs as significantly more risk-averse, with 32% identifying their CEO’s risk appetite as low.
Key Findings on the Changing CISO Role:
– Increased Risk Appetite: 57% of CISOs report a higher risk tolerance over the past five years, influenced by their direct experiences with cybersecurity incidents (74%).
– Data and Analytics Access: 76% attribute their evolving risk perspective to improved data and analytics capabilities.
– Focus on Business Resilience: 65% now describe their role as enhancing business resilience rather than solely managing cyber risk.
– C-Suite Perception Gaps: 23% strongly agree that other C-suite members do not recognize the CISO role’s potential to drive innovation.
The Emergence of the Progressive CISO
The study also indicates a shift towards a more proactive and progressive CISO role, fueled by modern technology adoption that enables innovation and business impact:
– Role Evolution: Only 36% see themselves primarily as defenders, while 59% view their role as business enablers, with 67% aspiring to increase this aspect.
– Desire for Flexibility: 66% wish to approve more business initiatives.
James Robinson, Netskope’s CISO, emphasized the importance of aligning security strategies with business challenges to foster proactive partnerships within the C-suite. He noted that CISOs who demonstrate how their efforts support revenue generation, efficiency improvements, and regulatory compliance are more likely to be valued as strategic contributors.
Steve Riley, Netskope’s Field CTO, highlighted that while CISOs are becoming more progressive, the broader C-suite often resists moving beyond the traditional protector role. He stressed the need for security leaders to educate their colleagues on how modern security strategies, like zero trust, can balance security with business productivity.
The research, conducted by Censuswide, interviewed 1,031 CISOs across the UK, North America, France, Germany, and Japan, spanning sectors such as healthcare, retail, finance, and industry.