Issues for CIOs: IT risk and security

With massive data breaches routinely making headlines, one of the most important relationships in business today is among CIOs, security leaders, and business leaders. Yet organizations don’t necessarily act that way.

Our 2018 global CIO survey found managing IT risk and security was a lower-than-average IT priority, despite having higher-than-average perceived expectations from the business. In addition, CIOs don’t believe cybersecurity is a high priority for their business leadership, or that chief information security officers (CISOs) are important to driving digital initiatives.¹ This suggests that CIOs are saying the right things but, when it matters, they’re prioritizing other issues like performance, customers, and innovation.

The good news is almost three-quarters of CIOs in the technology, media, and telecommunications (TMT) industry say their IT function has a strong relationship with security, and that investments in IT risk and security are strategic. However, both IT and business leaders should realize cybersecurity should be integral to every digital initiative. Well-developed strategies and broad digital transformation efforts can be easily derailed by security issues if not properly addressed from the beginning.

First, CIOs and CISOs should effectively communicate with each other, their executives, and boards. That doesn’t happen enough today. Even though chief executive officers (CEOs) and board members say cyber risk is their greatest concern, only 38 percent of CEOs and 23 percent of board members say they’re “highly engaged” on the issue.² Perhaps that explains why only roughly half of TMT CIOs we surveyed said IT risk and cybersecurity were discussed at their most recent board meeting.

Second, organizations can’t sacrifice security for speed, leaving security leaders on the hook once the rest of the C-suite has decided what to do. CIOs need all relevant colleagues at the table to help guide the process. For example, many organizations are employing artificial intelligence (AI) for their products and operations. Yet fewer than half build cybersecurity into AI projects, even though it’s identified as the top risk.³

When it comes to cybersecurity, one mistake can cause years of pain for an organization. Elevating cybersecurity performance requires all hands on deck, working collaboratively and deliberately. It’s when leaders rush initiatives to gain an edge that they can risk making headlines for the wrong reasons.

This charticle authored by David Jarvis on February 13, 2019.