Netskope recently published new global research finding that shifts in the cyber threat landscape have changed the way today’s Chief Information Security Officers (CISOs) evaluate their business’ risk appetite. Specifically, 92% of CISOs report that these changes are creating tensions with their CEO and other members of the C-suite, and two-thirds (66%) say they are “walking a tightrope” between what the business wants and what makes sense from a security perspective.
The research surveyed more than 1,000 CISOs around the world to explore the evolution of the CISO role as a strategic member of the executive team. Contradicting legacy stereotypes of the CISO as inherently risk averse, only 16% of today’s CISOs classified their current risk appetite as low. In fact, CISOs see their CEOs as much more risk averse than themselves, with twice as many respondents (32%) perceiving their CEO as having a low risk appetite.
Other findings expand upon the changing role of the CISO:
- Over half of the CISOs who participated in the research (57%) said their appetite for risk has increased in the last five years. This may be despite the increasing volume and sophistication of cyber threats, or because of it: 74% state that a first-hand experience of a cyber security incident was important in impacting their risk comfort levels.
- Better access to data and analytics (76%) was the top reason given for their shift in risk appetite.
- Two thirds of CISOs (65%) now describe their responsibility in terms of improving business resilience, rather than managing cyber risk.
- However, 23% of participating CISOs strongly agree that other members of the C-suite currently fail to see that the CISO role makes innovation possible.