Categories
Cybersecurity Tech Magazine

Why Enterprise Cybersecurity Should Start at the Boardroom Level

Cybersecurity is becoming increasingly complex, and it is no secret by now that the number of cyber threats companies face on a daily basis has increased dramatically as a result of the pandemic.

All in all, IT teams and their security experts are pulling extremely long hours to come up with better and more efficient ways of protecting their digital operations and data. As a consequence, that is accelerating digital transformation in the area.

According to IDG, most CIOs consider cybersecurity a top priority, with 65% of companies planning to increase their security budget this year. This increase in demand involves hiring extra staff to tackle cyber threats – a push that will surely accentuate the already severe drought of cybersecurity talent.   

But all of this effort will not translate into long-lasting changes unless organisations institute a security-aware culture and take a more strategic and proactive approach to cyber protection. And that must necessarily start from the top.  

Accountability

Nobody would be too surprised if a CEO was ousted after a major financial fiasco. Why would it be any different with cyber incidents?

A Centrify study from 2019 revealed that almost 40% of UK businesses had dismissed personnel for security-related incidents. You can bet not many of those employees were part of their company’s executive team.

Traditionally, security breaches have been considered a responsibility of technical teams and IT leaders, who often end up tracing the incident to a reckless employee who accessed sensitive information while sipping on a cup of coffee at a local café. Sure, human error and shadow IT are behind most cyber attacks, but, like with all systemic problems, a real cultural shift requires everyone’s involvement.

The truth is that technology is too integral to today’s businesses for companies to afford to have leadership that is not directly or at least ultimately responsible for it. Accountability not only ensures better performance; it drives innovation and promotes continuous improvement.

When an executive’s reputation and livelihood are at stake, they are more likely to push for deeper, company-wide initiatives to address potential cyber threats. They will, therefore, invest more resources in protection and become cybersecurity ambassadors within the organisation, setting into motion a series of changes spanning areas from HR to external contractors and business partners.         

But to be accountable, business leaders first need to be knowledgeable.

Executive cybersecurity expertise

Recommending that executives be security-savvy is not to say that CEOs and other members of the board need to have deep technical knowledge of cybersecurity infrastructure and best practices, but they at least must be able to make informed decisions and factor cybersecurity into every key move they make.

One way to achieve such a boardroom environment is to hire executives with an IT background – a trend that is quickly gaining traction among the world’s top companies thanks to the inherent benefits that a strong technical foundation brings to business processes.

Another is to involve CIOs in the strategic decision-making process. IT leaders have acquired a bigger role since the start of the pandemic, growing closer to CEOs and becoming even more pivotal to business continuity than they were before. Companies should keep moving in this direction.

Newer IT-focused executive positions can also be created. Unfortunately, the figure of the Chief Information Security Officer (CISO) remains a rather rare occurrence in the c-suite. Although many companies have dedicated IT leaders in charge of cybersecurity, these are often confined to the IT department and do not get enough executive powers and visibility. Elevating CIOs within the organisation would certainly improve cybersecurity.

But not all solutions involve prioritizing executives with a technical background. Training is always an option. CEOs and their peers can learn to assess cyber threats and keep their company’s cyber resilience in mind when making business decisions. CIOs and their team have a key role to play in this training process, sharing their experience and actionable insights while delivering periodic security audits to inform the executive board.

Sign up to mission control center newsletter
Categories
DSI challenges IT Decision-makers

Evolving Role of the CIO After COVID-19

Discover the evolving role of the CIO after Covid-19. Chief Information Officers (CIOs) have always been aware of the key role they play in their organisation’s success. Others were not so convinced. No matter how commonplace concepts like digital transformation have become, a sizeable portion of today’s business world still regarded IT as a bare necessity, one of the many cogs and wheels that keep the enterprise moving forward. There was no need to know how everything works, the details, as long as it did work. That’s until COVID-19 showed up.

Evolving Role of the CIO

The sudden shift in paradigm has left companies scrambling to come up with solutions to new logistical and business model issues. Adapting normal operations to a fully remote workforce. Devising alternative ways of conducting normal operations while cutting down costs. Identifying new revenue streams. In this climate of uncertainty, a realisation has hit uninterested board members: technology is not just one of the many parts of the behemoth that is the modern enterprise – it’s the engine propelling it into the future.

IT has never been more critical to a company’s prosperity than it is now. And, as the person in charge of designing and bringing to life corporate digital strategy, the figure of the CIO is finally receiving the spotlight it deserves. But CIOs are not only facing the greatest practical challenge of their careers – their role is fundamentally changing, and it will keep on doing so.

From saving the day to ruling it

The pandemic took many organisations by surprise, forcing IT leaders to adapt company infrastructure to support remote work and comply with safety regulations. That was the first of three stages that CIOs will have to navigate to see this crisis through. A mighty task as it is.

Some companies are still ultimating work on this initial step. Together with the C-suite and division managers, CIOs have had to take a deep look at all available resources — not only at the digital transformation strategies and tools already in place, but also at the existing talent within their team.

Covering the holes is not easy in times of dwindling budgets and company-wide cuts. CIOs have had to resort to a mix of ingenuity, agility and adaptability to find creative and efficient ways to save everyone’s day.

When it comes to talent, IT leaders have continued hiring for the most business-critical digital transformation projects: cloud, cybersecurity, digital payments, shipping logistics, etc. In addition to permanent hires, CIOs are enlisting external IT consultants as a great way of upskilling their teams.

Once the fire is out, the second step for CIOs to take is to consolidate the new measures, protocols and ways of working. CIOs are working together with HR to develop online training programs and tools that live on beyond the current crisis. They also have an important part to play in the return to the office, advising the larger organisation on how to best use digital resources to implement a process that is both safe and seamless.

A larger role moving forward

As the world slowly starts going back to normal, the lessons learned from this health emergency will have severe implications on how IT is approached in the future. Rather than supporting business decisions, CIOs will have a bigger say in how companies are run — from helping companies develop a more adaptable work culture, to being a decisive factor in defining new business strategies.

This is the third and last stage in the journey towards a more relevant and recognised CIO. The novel coronavirus has only sped up what was already bound to happen. IT leaders are now in the driver’s seat. Godspeed.

🔊 Subscribe to our podcast


Join our community and find your next job or expert in IT