- Over half (57%) of CISOs report increasing cyber risk
appetites with (49%) reporting a good risk appetite
- A third of CISOs see their CEOs as much more risk
averse than themselves, with (32%) reporting working with a CEO who
has a low risk appetite
- 92% of CISOs report differing attitudes to risk are causing
tension with the wider C-Suite
- 66% describe themselves as 'walking a tightrope' between
what the business wants and what makes sense from a security
perspective
SANTA
CLARA, Calif., June 25,
2024 /PRNewswire/ -- Netskope, a leader in
Secure Access Service Edge (SASE), today published new global
research that finds that shifts in the cyber threats landscape have
changed the way today's Chief Information Security Officers (CISO)
evaluate their business' risk appetite. Specifically, 92% of CISOs
report that these changes are creating tensions with their CEO and
other members of the C-suite, and two-thirds (66%) say they are
"walking a tightrope" between what the business wants and what
makes sense from a security perspective.
The research surveyed more than 1,000 CISOs around the world to
explore the evolution of the CISO role as a strategic member of the
executive team. Contradicting legacy stereotypes of the CISO as
inherently risk averse, only 16% of today's CISOs classified their
current risk appetite as low. In fact, CISOs see their CEOs as much
more risk averse than themselves, with twice as many respondents
(32%) perceiving their CEO as having a low-risk appetite.
Other findings expand upon the changing role of the CISO:
- Over half of the CISOs who participated in the research
(57%) said their appetite for risk has increased in the last five
years. This may be despite the increasing volume and sophistication
of cyber threats, or because of it: 74% state that a first-hand
experience of a cyber security incident was important in impacting
their risk comfort levels.
- Better access to data and analytics (76%) was the top reason
given for their shift in risk appetite.
- Two thirds of CISOs (65%) now describe their
responsibility in terms of improving business resilience, rather
than managing cyber risk.
- However, 23% of participating CISOs strongly agree that other
members of the C-suite currently fail to see that the CISO role
makes innovation possible.
The rise of the progressive CISO
Two thirds (65%) of CISOs surveyed believe the CISO role is
changing rapidly, and they report becoming more proactive and
progressive, a trend driven by the adoption of modern technology
that creates new possibilities for driving innovation and business
impact:
- Just 36% of CISOs see themselves playing a "protector"
role primarily focused on defending the organization.
- In contrast, 59% of CISOs now consider themselves to be
business enablers, with 67% stating that they want to play an even
more active role going forward.
- 66% wish they could say "yes" to the business more often.
James Robinson, Netskope's own
CISO commented:
"The research makes it clear that CISOs are
generally hungry to play a more proactive role that enables
innovation while also protecting the business. In my experience,
the best way to make CISOs more proactive partners across the
C-suite is to gain deep understanding of the business challenges
C-suite colleagues are focused on solving and align those to
security strategies, rather than attempt to assert security
strategy - or individual technology choices - on what is perceived
to be C-suite risk appetite."
"Too often this alignment doesn't occur among
enterprise teams. But CISOs who are able to define the ways in
which they are helping their C-suite peers to acquire new revenues,
drive efficiencies, and navigate regulatory requirements will be
recognized as valuable contributors at the highest levels."
Discussing the research, Steve
Riley, Field CTO at Netskope, said:
"With business technology and cyber threats
evolving at a faster pace than ever, it is encouraging to see that
CISOs are increasingly progressive in their thinking. CISOs clearly
no longer feel the need to lock down access completely if it is to
the detriment of the business."
"However, our findings show that the wider
C-suite is not always ready for CISOs to break out of their
traditional role as the protector of the business. To truly enable
secure innovation and business transformation, security leaders
need to bring their colleagues on the journey with them and help
them to understand how buzz phrases like zero trust actually
contribute to strategies that strike a balance between staying
secure and getting work done."
The research was conducted on behalf of Netskope by Censuswide
and interviewed 1,031 CISOs worldwide across five markets (UK,
North America, France, Germany, Japan) in a wide range of sectors including
healthcare, retail, finance, and industry.
Please find the full report including additional insights into
CISOs attitudes of industry trends here.
About Netskope
Netskope, a global SASE leader, helps
organizations apply zero trust principles and AI/ML innovations to
protect data and defend against cyber threats. Fast and easy to
use, the Netskope One platform and its patented Zero Trust Engine
provide optimized access and real-time security for people,
devices, and data anywhere they go. Thousands of customers trust
Netskope and its powerful NewEdge network to reduce risk and gain
unrivaled visibility into any cloud, web, and private application
activity—providing security and accelerating performance without
trade-offs. Learn more at netskope.com.
Media Contact:
press@netskope.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/cisos-growing-more-comfortable-with-risk-but-better-c-suite-alignment-needed-netskope-research-302180501.html
SOURCE Netskope