
CISOs embracing risk, but C-suite alignment remains a challenge

New survey highlights widespread CISO ambition to play more active role in business strategy, but benefits of their participation still often ignored

By Tech Monitor Staff

Over half (57%) of chief information security officers (CISOs) canvassed in a recent global survey report a growing appetite for cyber risk, with 49% indicating a strong inclination towards accepting more risk. This shift reflects a significant change in the way CISOs evaluate their business’s risk posture in the face of evolving cyber threats, according to Netskope, which commissioned the report.

The vast majority of CISOs say differing attitudes towards risk cause tensions in the boardroom. (Image by Roman Samborskyi/Shutterstock)

The survey, which involved over 1,000 CISOs globally, revealed that 92% of CISOs experience tension with their CEO and other C-suite members due to differing attitudes towards risk. A notable 66% describe themselves as “walking a tightrope” between fulfilling business demands and maintaining security standards. James Robinson, Netskope’s CISO, commented: “The research makes it clear that CISOs are generally hungry to play a more proactive role that enables innovation while also protecting the business.”

CISO perceptions of risk

Contrary to the traditional view of CISOs as risk-averse, only 16% currently identify with a low-risk appetite. In fact, a third (32%) see their CEOs as more risk-averse than themselves. This disparity highlights a critical challenge in aligning security strategies with broader business goals. “In my experience, the best way to make CISOs more proactive partners across the C-suite is to gain a deep understanding of the business challenges C-suite colleagues are focused on solving and align those to security strategies,” added Robinson.

Several factors contribute to the increased risk appetite among CISOs. Improved access to data and analytics is cited by 76% of respondents as the primary driver. Additionally, 74% attribute their heightened comfort with risk to firsthand experiences with cybersecurity incidents. Over half (57%) acknowledge that their risk tolerance has increased over the past five years, despite the growing sophistication of cyber threats.

The evolving CISO role

The role of the CISO is also rapidly transforming. Two-thirds (65%) of CISOs now view their primary responsibility as enhancing business resilience rather than merely managing cyber risk. This progressive outlook is driven by the adoption of modern technologies that facilitate innovation and business impact. Only 36% see themselves primarily as protectors, while 59% consider themselves business enablers. A significant 67% of CISOs express a desire to play a more active role in business strategy, with 66% wishing they could say “yes” to the business more often.

However, 23% strongly agree that their contributions to innovation are not fully recognised by other C-suite members. “Too often this alignment doesn’t occur among enterprise teams. But CISOs who are able to define the ways in which they are helping their C-suite peers to acquire new revenues, drive efficiencies, and navigate regulatory requirements will be recognized as valuable contributors at the highest levels,” noted Robinson.

The rise of the progressive CISO

Steve Riley, field CTO at Netskope, remarked of the results: “With business technology and cyber threats evolving at a faster pace than ever, it is encouraging to see that CISOs are increasingly progressive in their thinking. CISOs clearly no longer feel the need to lock down access completely if it is to the detriment of the business.”

“However, our findings show that the wider C-suite is not always ready for CISOs to break out of their traditional role as the protector of the business. To truly enable secure innovation and business transformation, security leaders need to bring their colleagues on the journey with them and help them to understand how buzz phrases like zero trust actually contribute to strategies that strike a balance between staying secure and getting work done.”

The Netskope research, conducted by Censuswide, interviewed 1,031 CISOs from the UK, North America, France, Germany, and Japan, across sectors including healthcare, retail, finance, and industry.
