Risk appetites have grown for 81% of CISOs

Netskope has published a new report analyzing the evolution of the CISO role within the retail sector. ‘The Retail CISO: Bringing Balance’, is based on research with over 1,000 CISOs globally, and it explores the evolution of the retail sector CISO role as a strategic member of the executive team, comparing the sector to cross-sector averages to identify unique insights.

  • 4 weeks ago Posted in

81% of retail CISOs say their appetite for risk has grown in recent years (much higher than the cross-sector average of 57%), but all (100%) believe conflicting risk appetites in the C-suite are a major issue.

Less than 2% of retail sector CISOs classify their risk appetite as low

However, nearly a quarter (23%) would describe their CEOs’ risk appetite as low

Retail CISOs see interactions with the C-suite and business as a constant balancing act, with 47% reporting that most interactions are about risk and 53% countering that most are about opportunity

An overwhelming majority (98%) of retail CISOs now consider themselves to be business enablers (well above the cross-sector average of 59%), and more than four-fifths (87%) want to play a more active role as a business enabler going forward (compared to an average of 67%). 86% of retail CISOs increasingly see their role as improving business resilience, not just managing cyber risk.

Retail CISOs are clear that they want to embrace more measured, centralized decision-making processes knowing the high levels of governance involved. This again contrasts with all other sectors who saw themselves moving the other way—drawn to a model described as “agile, fast decision-making with devolved responsibility”.

One of the pathways identified by retail CISOs for achieving the sometimes conflicting goals of the C-suite is adopting a zero trust approach. More than two-thirds (72%) believe zero trust will help them balance conflicting priorities better (higher than cross-sector averages of 55%), enable their organizations to move faster (77%) and encourage more innovation (71%).

Commenting on the findings, James Robinson, Chief Information Security Officer, Netskope said:

“Over the past decade, CISOs in the retail sector have transformed themselves, and their appetite for risk - along with their confidence in their ability to transform their organization - is marked. They have clearly identified that a zero trust approach holds advantages for their organizations, and are embracing it earlier than other industries - 71% already follow zero trust principles compared to sector averages of 44%.

However, in order to elevate their standing among their C-suite peers, CISOs will need to ensure their strategic discussions do not fall back into conversations about technology tools. Communication must focus on business enablement and business risk.”

2025 will see UK businesses undertake a major shake up of their IT and data practices, new research...
Study sees UK businesses placed lowest of ten countries for multi-year sustainability planning,...
70% of UK decision-makers place strong trust in AI technologies, but the vast majority (83%) are...
Software AG has found that half of all employees are using Shadow AI (i.e. non-company issued AI...
AVEVA has partnered with Vulcan Energy Resources and Oxford Quantum Circuits to advance business...
More than three quarters of businesses believe technology is essential for achieving global...
Consumer frustrations mount as shoppers struggle to get adequate product support online, whilst...
New VDI environment avoids downtime worth £1.79 million, with staff costs totalling £35,000 saved...