Waterfall

Perspectives

Issues for CIOs: IT risk and security

Giving cybersecurity the attention it deserves

How can executive management and the board become more engaged on IT risk and security?

Technology topics addressed at most recent board meeting by chief information officers (CIOs)

This section is an infogram

This message and the space it occupies will not be displayed when viewing this page either in Live, Preview, or "View as published" modes

With massive data breaches routinely making headlines, one of the most important relationships in business today is among CIOs, security leaders, and business leaders. Yet organizations don’t necessarily act that way.

Our 2018 global CIO survey found managing IT risk and security was a lower-than-average IT priority, despite having higher-than-average perceived expectations from the business. In addition, CIOs don’t believe cybersecurity is a high priority for their business leadership, or that chief information security officers (CISOs) are important to driving digital initiatives.1 This suggests that CIOs are saying the right things but, when it matters, they’re prioritizing other issues like performance, customers, and innovation.

The good news is almost three-quarters of CIOs in the technology, media, and telecommunications (TMT) industry say their IT function has a strong relationship with security, and that investments in IT risk and security are strategic. However, both IT and business leaders should realize cybersecurity should be integral to every digital initiative. Well-developed strategies and broad digital transformation efforts can be easily derailed by security issues if not properly addressed from the beginning.

First, CIOs and CISOs should effectively communicate with each other, their executives, and boards. That doesn’t happen enough today. Even though chief executive officers (CEOs) and board members say cyber risk is their greatest concern, only 38 percent of CEOs and 23 percent of board members say they’re “highly engaged” on the issue.2 Perhaps that explains why only roughly half of TMT CIOs we surveyed said IT risk and cybersecurity were discussed at their most recent board meeting.

Second, organizations can’t sacrifice security for speed, leaving security leaders on the hook once the rest of the C-suite has decided what to do. CIOs need all relevant colleagues at the table to help guide the process. For example, many organizations are employing artificial intelligence (AI) for their products and operations. Yet fewer than half build cybersecurity into AI projects, even though it’s identified as the top risk.3

When it comes to cybersecurity, one mistake can cause years of pain for an organization. Elevating cybersecurity performance requires all hands on deck, working collaboratively and deliberately. It’s when leaders rush initiatives to gain an edge that they can risk making headlines for the wrong reasons.

This charticle authored by David Jarvis on February 13, 2019.

Want more CIO content?

Explore our full collection now

To help CIOs and technology leaders keep pace with the latest developments and trends, we offer a mix of innovative thinking, perspectives, and practical advice for CIOs—all designed to help you turn new developments in the IT landscape into more value for your business.

illustrative eye

Endnotes

Insights from Deloitte’s 2018 global CIO survey.
Insights from Deloitte’s 2018 CEO and board risk management survey, “Illuminating a path forward on strategic risk”.
Insights from Deloitte’s “State of AI in the enterprise, 2nd edition”.

Site-within-site Navigation. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?