Netskope published a new report analyzing the evolution of the
industrial sector CISO role. 'The Industrial CISO: Bringing Balance' is based
on research with over 1,000 CISOs globally, and it explores the evolution of
the industrial sector CISO role as a strategic member of the executive team,
comparing the sector to cross-sector averages to identify unique insights into
automotive, manufacturing, logistics and critical national infrastructure
organizations.
The research found that the CISO role in the industrial sectors is
undergoing a transformation:
- 60% of CISO respondents in the industrial sectors said that their role was changing rapidly (compared with 65% across all industries, and 80% in finance).
- Just under two-thirds (63%) want to play a more active role as a business enabler going forward (compared to an average of 67%).
- 50% of industrial sector CISOs say their appetite for risk has grown in recent years (lower than the average of 57%).
...however, the majority of industrial sector CISOs report that
there is a lag in the understanding of their potential among their C-suite
peers...
- Six in ten industrial sector CISOs (61%) believe that other members of the C-suite fail to see that the CISO role makes innovation possible.
- 91% of industrial sector CISOs said that conflicting risk appetites are an issue in their C-suite.
Just half of industrial sector CISOs (51%) believe a
zero trust approach will enable them to balance conflicting priorities better
(lower than the cross-sector average of 55%, and significantly lower than the
finance sector's 68%). And only 39% of CISOs from industrial
organizations report that they operate with zero trust principles today (lower
than the 44% cross-sector average).
The report also found that as industrial sector CISOs grow in
confidence in their evolved role, they expect to base their decisions in the
years ahead on creating a more closed and secure organization. This runs
counter to all other sectors analyzed (finance, retail and healthcare) which
are all planning to create a more open and flexible organization.
- Industrial CISOs anticipate strongly prioritizing protection for the workforce over flexibility of the workforce when making productivity decisions.
- Risk minimisation is expected to be prioritized over experimentation at speed.
- Industrial sector CISOs tended slightly more toward measured, centralized decisions with high levels of governance over agile, fast decision-making with devolved responsibilities.
- When it comes to business process and efficiency, industrial CISOs intend to take a more controlled approach, restricting access to the right people for the information, data, and tools they need.
Commenting on the findings, James Robinson, CISO at Netskope,
said:
"The research makes it clear that CISOs in the industrial sector are generally
hungry to play a more proactive role that enables innovation while also
protecting the business. In my experience, the best way to make CISOs more
proactive partners across the C-suite is to gain deep understanding of the
business challenges C-suite colleagues are focused on solving and align those
to security strategies, rather than attempt to assert security strategy - or
individual technology choices - on what is perceived to be C-suite risk
appetite."
"Too often this alignment doesn't occur among teams. But CISOs who are able to define the
ways they are helping their C-suite peers to acquire new revenues, drive
efficiencies and navigate regulatory requirements, will be recognized as
valuable contributors at the highest levels."