Netskope, a leading provider of SASE solutions, recently published a new report analyzing the evolution of the industrial sector CISO role. The research found that CISOs in the industrial sector are undergoing a transformation:
- 60 percent of CISO respondents in the industrial sectors said that their role was changing rapidly (compared with 65 percent across all industries, and 80 percent in finance).
- Just under two-thirds (63 percent) want to play a more active role as a business enabler going forward (compared to an average of 67 percent)
- Half of all industrial sector CISOs say their appetite for risk has grown in recent years (lower than the average of 57 percent).
However, the majority of industrial sector CISOs report that there is a lag in the understanding of their potential among their C-suite peers:
- Six in 10 industrial sector CISOs (61 percent) believe that other members of the C-suite fail to see that the CISO role makes innovation possible.
- 91 percent of industrial sector CISOs said that conflicting risk appetites is an issue in their C-suite.
- Just half of industrial sector CISOs (51 percent) believe a zero trust approach will enable them to balance conflicting priorities better (lower than cross-sector averages of 55 percent, and significantly lower than the finance sector’s 68 percent). And only 39 percent of CISOs from industrial organizations report that they operate with zero trust principles today (lower than the 44 percent cross-sector averages).
The report also found that as industrial sector CISOs grow in confidence in their evolved role, they expect to base their decisions in the years ahead on creating a more closed and secure organization. This runs counter to all other sectors analyzed (finance, retail and healthcare) which are all planning to create a more open and flexible organization.
- Industrial CISOs anticipate strongly prioritizing protection for the workforce over flexibility of the workforce when making productivity decisions.
- Risk minimization is expected to become prioritized over experimentation at speed.
- Industrial sector CISOs tended slightly more toward measured, centralized decisions with high levels of governance over agile, fast decision-making with devolved responsibilities.
- When it comes to business process and efficiency, industrial CISOs intend to take a more controlled approach to restricting access to the right people for the information, data, and tools they need.
“The research makes it clear that CISOs in the industrial sector are generally hungry to play a more proactive role that enables innovation while also protecting the business," stated James Robinson, CISO at Netskope. "In my experience, the best way to make CISOs more proactive partners across the C-suite is to gain deep understanding of the business challenges C-suite colleagues are focused on solving and align those to security strategies, rather than attempt to assert security strategy – or individual technology choices – on what is perceived to be C-suite risk appetite.”
“Too often this alignment doesn’t occur among teams. But CISOs who are able to define the ways they are helping their C-suite peers to acquire new revenues, drive efficiencies and navigate regulatory requirements, will be recognized as valuable contributors at the highest levels.”
The full report can be accessed here.