
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed: Netskope Research



Traditionally, Chief Information Security Officers (CISOs) have been the vigilant protectors of enterprise security, and for the last decade, CISOs have been gradually adapting their roles as business has become increasingly digitized and data driven. CISOs are no longer limited to back office support functions but have stepped forward to take their place in broader business discussions and decision-making. 

In the last Netskope study, conducted with 1,031 CISOs globally (here), the data shines a light on this change, showing that the modern CISO has now found their way out from under the wing of the wider executive team and is ready to help contribute to the business’ objectives, enabling growth and innovation. This indicates an important transformative shift.

  • 59% of CISOs now see themselves as business enablers.
  • Over half are more willing to take risks to align security with business goals.
  • More than two-thirds aim to actively drive business growth.

The Changing Face of Information Security Leadership

Gone are the days when CISOs were simply seen as the bearers of bad news or the "Department of No." The research reveals that 65% of CISOs believe their role is changing rapidly, with 59% now viewing themselves as business enablers. This shift reflects a growing understanding of the strategic importance of cybersecurity in driving innovation and growth.

Key findings include:

A - Increased Risk Appetite: Surprisingly, 57% of CISOs report that their appetite for risk has increased in recent years. This change is attributed to various factors, including:

  • Better access to data and analytics (76%)
  • First-hand experience with cybersecurity incidents (74%)
  • Adoption of zero trust principles (73%)

B - Balancing Act: The modern CISO's role is increasingly complex, with 70% viewing it as a balancing act between enabling business growth and ensuring security. Two-thirds (66%) feel they are "walking a tightrope" between business demands and security requirements.

C - Evolving Self-Perception: CISOs are redefining their professional identity. While 36% currently see themselves as "protectors," many anticipate shifting towards roles as "designers" shaping workforce culture or "navigators" driving organisational direction in the next two years.

 

Challenges in C-Suite Alignment

Despite this evolution, CISOs face challenges in aligning their new role with the perceptions of their C-suite colleagues:

  • 65% of CISOs believe other C-suite members fail to see how they contribute to innovation.
  • 92% report that conflicting risk appetites within the C-suite are an issue, with 32% saying they cause frequent conflicts.
  • Only 66% of CISOs feel they are perceived as business enablers by other business leaders.

These misalignments highlight the need for better communication and understanding between CISOs and their executive peers.

 

The Promise of Zero Trust

The report identifies the zero trust security model as a potential solution to many of the challenges faced by modern CISOs:

 

  • 55% of CISOs believe a zero trust approach will help them balance conflicting priorities better.
  • Majorities agree that zero trust enables organizations to move faster (59%), encourage innovation (58%), and increase flexibility (58%).
  • CISOs point to the adoption of zero trust as the most significant factor in organizations becoming more open and flexible over the next two years.

 

However, implementation lags behind enthusiasm:

  • Only 44% of organizations currently operate with zero trust principles.
  • 51% of CISOs state that their executive team or board doesn't fully understand what zero trust means, despite 58% reporting that their executive team is asking about it.

 

Looking to the Future

The Netskope study suggests that CISOs anticipate becoming more decisive in their decision-making over the next two years. They expect to shift towards more open and flexible approaches in areas like workforce productivity, business innovation, and organizational agility.

The modern CISO is at a crossroads, evolving from a purely defensive role to that of a strategic business enabler. This transformation presents both opportunities and challenges. To fully leverage the potential of today's CISOs, organizations should:

 

  • Foster better understanding of the CISO role among executive leadership.
  • Align risk appetites and security strategies across the C-suite.
  • Explore innovative approaches like zero trust to enhance both security and business agility.
  • Empower CISOs to contribute more actively to business innovation and growth strategies.

 

As cyber threats continue to evolve and digital transformation accelerates, the CISO's ability to balance security with business enablement will be crucial for organizational success. The future belongs to those CISOs who can effectively navigate this complex landscape, driving innovation while ensuring robust protection of their organization's digital assets.

 

*The research was conducted on behalf of Netskope by Censuswide and interviewed 1,031 CISOs worldwide across five markets (UK, North America, France, Germany, Japan) in a wide range of sectors including healthcare, retail, finance and industry. 

 

Please find the full report, including additional insights into CISOs' attitudes toward industry trends, here.

