81% of retail CISOs say their appetite for risk has grown in recent years (much higher than the cross-sector average of 57%), but all (100%) believe conflicting risk appetites in the C-suite are a major issue.
Less than 2% of retail sector CISOs classify their risk appetite as low
However, nearly a quarter (23%) would describe their CEOs’ risk appetite as low
Retail CISOs see interactions with the C-suite and business as a constant balancing act, with 47% reporting that most interactions are about risk and 53% countering that most are about opportunity
An overwhelming majority (98%) of retail CISOs now consider themselves to be business enablers (well above the cross-sector average of 59%), and more than four-fifths (87%) want to play a more active role as a business enabler going forward (compared to an average of 67%). 86% of retail CISOs increasingly see their role as improving business resilience, not just managing cyber risk.
Retail CISOs are clear that they want to embrace more measured, centralized decision-making processes knowing the high levels of governance involved. This again contrasts with all other sectors who saw themselves moving the other way—drawn to a model described as “agile, fast decision-making with devolved responsibility”.
One of the pathways identified by retail CISOs for achieving the sometimes conflicting goals of the C-suite is adopting a zero trust approach. More than two-thirds (72%) believe zero trust will help them balance conflicting priorities better (higher than cross-sector averages of 55%), enable their organizations to move faster (77%) and encourage more innovation (71%).
Commenting on the findings, James Robinson, Chief Information Security Officer, Netskope said:
“Over the past decade, CISOs in the retail sector have transformed themselves, and their appetite for risk - along with their confidence in their ability to transform their organization - is marked. They have clearly identified that a zero trust approach holds advantages for their organizations, and are embracing it earlier than other industries - 71% already follow zero trust principles compared to sector averages of 44%.
However, in order to elevate their standing among their C-suite peers, CISOs will need to ensure their strategic discussions do not fall back into conversations about technology tools. Communication must focus on business enablement and business risk.”
