Chief Information Security Officers (CISOs) are showing an increased appetite for risk in a fast changing cyber threat scenario, but a recent Netskope analysis emphasizes the need for improved alignment with the larger C-suite. Significant stress is being caused by the rising difference in risk attitudes between CISOs and other executive members, according to this global study that polled over one thousand CISOs globally.
The study highlights that 57% of CISOs have reported an increase in their cyber risk appetites, with nearly half (49%) indicating they possess a strong tolerance for risk. This shift is partly driven by direct experiences with cybersecurity incidents, which 74% of respondents identified as crucial in shaping their comfort levels with risk. Moreover, 76% attribute their evolving risk appetite to improved access to data and analytics, which has enhanced their decision-making capabilities.
Contrary to traditional perceptions, only 16% of CISOs now classify their risk appetite as low. However, this evolving stance is not always shared by their counterparts in the C-suite. A third of CISOs perceive their CEOs as significantly more risk-averse, with 32% describing their CEOs as having a low tolerance for risk. This discrepancy is contributing to a sense of discord, according to the report, with 92% of CISOs reporting that differing attitudes towards risk are causing friction within the executive team.
The tension is further exacerbated by the balancing act that CISOs must perform. Two-thirds of the respondents (66%) describe themselves as ‘walking a tightrope’ between fulfilling business demands and maintaining robust security protocols. This precarious position underscores the broader challenge CISOs face in aligning security objectives with business goals.
James Robinson, Netskope’s CISO, notes the importance of integrating security strategies with business objectives to foster a more collaborative relationship across the C-suite. He emphasizes that CISOs who can articulate how their efforts support revenue generation, efficiency improvements, and regulatory compliance will be better positioned as valuable strategic partners.
Changing Role of the CISO
The Netskope report also sheds light on the changing role of the CISO. Traditionally seen as defenders of the organization, only 36% of CISOs now view their role in this light. Instead, 59% identify themselves as business enablers, with a substantial 67% expressing a desire to take on an even more active role in driving business innovation. Additionally, 66% wish they could align more closely with business goals, reflecting a broader trend towards proactive engagement.
Steve Riley, Netskope’s Field CTO, highlights that as technology and cyber threats continue to evolve at an unprecedented pace, CISOs are adopting a more progressive approach. They are moving away from a purely protective stance to one that balances security with business agility. This evolution, however, is not always mirrored by their peers in the C-suite, who may still view the CISO role through a traditional lens.
For CISOs to truly enable secure innovation and business transformation, they must bring their executive colleagues along on this journey. This involves demystifying complex security concepts and demonstrating how strategies like zero trust contribute to achieving business objectives without compromising security.
The research, conducted by Censuswide on behalf of Netskope, involved CISOs from diverse sectors including healthcare, retail, finance, and industry across the UK, North America, France, Germany, and Japan. The findings would underscore the dynamic nature of the CISO role and the critical need for enhanced alignment within the executive team to navigate the complexities of the modern cyber threat landscape.
As a provider of Secure Access Service Edge (SASE), Netskope continues to assist enterprises in implementing zero trust guidelines and utilizing AI/ML advancements to protect data and thwart cyberattacks. Thousands of clients worldwide would rely on their Netskope One platform and Zero Trust Engine to provide optimal access and real-time security, lower risk, and improve visibility across cloud, web, and private applications.
