Is the CIO’s focus on cybersecurity stalling innovation?
The past two decades have seen the role of the CIO become central to business – they are the IT leaders stoking the coals of innovation, steering their enterprises into the digital, machine-driven age of Industry 4.0.
However, the CIO’s role has never been static. Emerging with the rise of modern enterprise computing, the position has had to flex constantly to the rapid evolution of IT, and the specific nuances of the market, industry and company they operate in.
Surveying 679 IT leaders and 250 line of business, the latest IDG 2020 State of the CIO survey draws a snapshot insight into how the holders of the CIO title are positioned today and where responsibilities are shifting and domains widening.
It would be easy to imagine that, in the midst of widespread and mammoth digital transformation initiatives, their core focus would be on driving investment and successful integration of new technology across the entire business.
And while that certainly is still a key priority, as their organizations and operations become digitally-driven, CIOs must keep up with the ever-growing cybersecurity issues their businesses now face as a result.
Ninety-five percent of CIOs said they had taken on new responsibilities, and for two-thirds, active involvement in cybersecurity, as well as data privacy and compliance, formed a large chunk of this workload, stealing much of their attention away from meaningful work in improving customer experience (CX) though new products and services.
The upshot, is that when new digital solutions are taken on, they open a chest full of cybersecurity issues which must be tightly managed.
For instance, CIOs may be keeping tabs on the efficiency of IoT (Internet of Things) in gathering data which can be used to enhance customer services or provide business insights, but the cybersecurity aspect of digital initiatives is undeniably another crucial component of the operation.
The report stated up to half (45 percent) of CIOs spend a significant portion of their time on security management.
Respondents said time spent on cybersecurity overtook aligning IT initiatives with business goals (44 percent), enhancing organizational operations and performance (42 percent), implementing new systems and infrastructures (39 percent), and directing innovation and improvements in the organization (34 percent).
The pressures of cybersecurity
With full oversight and management of the growing enterprise IT function, CIOs are naturally the first people within the organization to manage the technology’s security.
Demanding a full understanding of the organization’s unique IT infrastructure, methods of working, and data it generates and stores – as well as broad knowledge as to the cybersecurity threat landscape and data policies and regulations – managing cybersecurity on top of the business’s entire IT system is a herculean and unenviable task.
Of course, many companies have their own designated CISO (Chief Information Security Officer) to lead this important area, but an industry-wide cybersecurity specialist shortage makes these individuals hard to find, and also very expensive.
Many companies, then, will find cybersecurity to be a resource-intensive and incessant task, and one who’s necessity is unfortunately taking away the CIO’s attention from more valuable work that differentiates and propels the business in its unique market.
There is now a glut of cybersecurity tools and solutions in the business – the overall cybersecurity software is predicted to net US$25.1 billion in revenue this year, according to PreciseSecurity.com.
But these tools by no means eliminate all threats the business faces. A study by Ovum found a significant number of enterprises utilize up to 50 cybersecurity tools at one time, for example, yet two-thirds of organizations are still susceptible to major security breaches.
Stretched thin and spinning plates – and faced with greater and more sophisticated cybersecurity threats by the day – CIOs are pressured to innovate while holding up the garrison. But it’s not a one-man job, and the burden of security must be distributed and ingrained among every individual in the entire business.
Without the resources to assign a CISO, CIOs must be strategic in their management of teams and workloads, ensuring that security is front-of-mind in product development, and that every individual in the company is educated as to the threats and how to manage them.
The reality, today at least, is that digital innovation and cybersecurity are intertwined, the CIO must accept that, treat them as a unified concept, knowing that attention shouldn’t be paid to one without considering the other.