June 05, 2018
Contributor: Jill Beadle
Chief information security officers need to support the CIO and seize new opportunities in digital business.
A large number of CIOs now operate as C-level business executives focused on driving revenue and scaling digital business for their organization. This has put a spotlight on chief information security officers (CISOs).
“Like it or not, you’re now the digital CISO regardless of title,” Christian Byrnes, managing vice president at Gartner, said at the Gartner Security and Risk Management Summit in National Harbor, MD.
As the CIO role evolves, so should the role of the CISO. This evolution is likely to be ongoing as, according to the 2018 Gartner CIO Survey, 95% of CIOs expect threats to increase and impact their organization. “They know now that cybersecurity isn’t something to put on the back burner,” said Byrnes.
In response, Byrnes recommended CISOs support the new role of the CIO and take advantage of the opportunities it brings.
The goal is to shift the view of security and risk from a technical problem to a strategic priority. CISOs must apply rigor and perspective to the business orientation, cost, and value of risk management and cybersecurity. CIOs can then help boards and executives better engage in risk-based thinking, improve decision making around risk and security investments and evolve the culture in the treatment of risk.
Byrnes shared the steps needed to do so:
Be prepared to include non-IT executive risk stakeholders in the security governance group and decision-making process. They often have a better grasp of the organization and its needs.
CIOs’ increased focus on business leadership presents CISOs with an opportunity. CISOs can take on additional responsibilities by encouraging their CIO to delegate leadership functions, provided the CISOs have the needed resources.
The new CIO role also challenges CISOs to sharpen the security strategy so it is closely aligned with the business focus of the CIO. Develop a clear, comprehensive vision and implement metrics relevant to business outcomes.
CISOs should seek out their organization’s digital business teams, commonly found in mature, top-performing organizations. Such teams move quickly, are typically responsible for enterprise transformations and can help CISOs build their future. If such a team doesn’t exist, CISOs should watch to see if one develops.
Pay attention to how and why CIOs rebalance technology portfolios. The 2018 Gartner CIO Survey revealed two areas that directly impact CISOs and in which CIOs are making large investments: cloud services and cybersecurity. Although ranked lower on the list of key investments, CISOs should also pay close attention to artificial intelligence (AI) and machine learning.
Many organizations have already made significant investments in the tech. However, AI and machine learning will be key as they can be used to offset hiring challenges. When done right, Byrnes said, AI can provide insights CISOs wouldn’t get otherwise. He offered three tips for those looking to implement AI:
“It’s time to develop expertise in AI,” advised Byrnes. “It will benefit you over the next five years.”