Over half (57%) of chief information security officers (CISOs) canvassed in a recent global survey report a growing appetite for cyber risk, with 49% indicating a strong inclination towards accepting more risk. This shift reflects a significant change in the way CISOs evaluate their business’s risk posture in the face of evolving cyber threats, according to Netskope, who commissioned the report.
The survey, which involved over 1,000 CISOs globally, revealed that 92% of CISOs experience tension with their CEO and other c-suite members due to differing attitudes towards risk. A notable 66% describe themselves as “walking a tightrope” between fulfilling business demands and maintaining security standards. James Robinson, Netskope’s CISO, commented: “The research makes it clear that CISOs are generally hungry to play a more proactive role that enables innovation while also protecting the business.”
CISO perceptions of risk
Contrary to the traditional view of CISOs as risk-averse, only 16% currently identify with a low-risk appetite. In fact, a third (32%) see their CEOs as more risk-averse than themselves. This disparity highlights a critical challenge in aligning security strategies with broader business goals. “In my experience, the best way to make CISOs more proactive partners across the c-suite is to gain a deep understanding of the business challenges C-suite colleagues are focused on solving and align those to security strategies,” added Robinson.
Several factors contribute to the increased risk appetite among CISOs. Improved access to data and analytics is cited by 76% of respondents as the primary driver. Additionally, 74% attribute their heightened comfort with risk to firsthand experiences with cybersecurity incidents. Over half (57%) acknowledge that their risk tolerance has increased over the past five years, despite the growing sophistication of cyber threats.
The evolving CISO Role
The role of the CISO is also rapidly transforming. Two-thirds (65%) of CISOs now view their primary responsibility as enhancing business resilience rather than merely managing cyber risk. This progressive outlook is driven by the adoption of modern technologies that facilitate innovation and business impact. Only 36% see themselves primarily as protectors, while 59% consider themselves business enablers. A significant 67% of CISOs express a desire to play a more active role in business strategy, with 66% wishing they could say “yes” to the business more often.
However, 23% strongly agree that their contributions to innovation are not fully recognised by other C-suite members. “Too often this alignment doesn’t occur among enterprise teams. But CISOs who are able to define the ways in which they are helping their C-suite peers to acquire new revenues, drive efficiencies, and navigate regulatory requirements will be recognized as valuable contributors at the highest levels,” noted Robinson.
The rise of the progressive CISO
Steve Riley, field CTO at Netskope, remarked of the results: “With business technology and cyber threats evolving at a faster pace than ever, it is encouraging to see that CISOs are increasingly progressive in their thinking. CISOs clearly no longer feel the need to lock down access completely if it is to the detriment of the business.”
Content from our partners
“However, our findings show that the wider C-suite is not always ready for CISOs to break out of their traditional role as the protector of the business. To truly enable secure innovation and business transformation, security leaders need to bring their colleagues on the journey with them and help them to understand how buzz phrases like zero trust actually contribute to strategies that strike a balance between staying secure and getting work done.”
The Netskope research, conducted by Censuswide, interviewed 1,031 CISOs from the UK, North America, France, Germany, and Japan, across sectors including healthcare, retail, finance, and industry.
