Netskope has released a new report examining the evolution of the CISO role in the financial sector. The report, titled “The Financial CISO: Bringing Balance,” is based on a survey of more than 1,000 managers around the world and analyzes how their role in the financial sector is changing, comparing it with other sectors to identify unique perspectives.

The study reveals that the role of the CISO in financial services is undergoing complete transformation:

  • 81% indicated their role is changing rapidly (vs. 65% across all sectors).
  • More than 76% want to play a more active role as business enablers in the future (compared to 67% in other sectors).
  • 81% say their risk tolerance has increased in recent years (well above the 57% in other sectors).

However, many CISOs feel that their potential is not fully recognized by their senior management colleagues:

  • 65% believe that other managers do not see the CISO’s role as an innovation facilitator.
  • 89% mentioned that different levels of risk tolerance are a problem in company management.

“In my experience, the best way to make CISOs become proactive allies on the board is to gain a deep understanding of the business challenges that other directors are focused on solving and align them with security strategies, rather than trying to “imposing security strategy – or individual technology choices – on management’s perceived risk appetite,” notes James Robinson, CISO at Netskope.

The CISOs of the financial sector

To achieve greater balance in their organizations, CISOs believe that adopting zero trust principles will be key:

  • 68% believe a zero trust approach will allow them to better balance competing priorities (vs. 55% in other sectors).
  • 78% believe this will allow their organizations to move faster, and 68% believe it will foster innovation.

The report also highlights that, as these financial sector managers gain confidence in the evolution of their role, they expect to make decisions that promote a more open and flexible organization in the coming years:

  • Prioritizing greater flexibility for employees over protecting the workforce in productivity decisions.
  • Adopting more open approaches to facilitate access to the necessary information, data and tools.
  • Prioritizing speed in experimentation over risk minimization.