The cost of innovation for CISOs