January must be listed somewhere as the official month of “all-day meetings.”
This is the time of year when CEOs and their teams hunker down with leaders throughout the business in daylong meetings to kick-off plans, programs and initiatives.
If you’re anything like Peter Sondergaard, Senior Vice President and Global Head of Research, Gartner, then you know you’ve been in too many of these meetings when you catch yourself using terms like “I think we need a bio-break.” Sigh.
“I have been working with a lot of client CEOs and their teams over the past few weeks, and one topic keeps coming up over and over again — information security,” Sondergaard reports.
“The sensational headlines from last year about systems breaches, compromised customer data and brand attacks have struck a chord for leaders who see this as a very real and present danger for their organisations.”
What’s to be done?
According to Sondergaard, an ICT industry veteran, the same headlines that have clearly spooked CEOs into putting information security on their priority list have also polarised them into a perilously narrow way of thinking about what actually constitutes information security risk.
“Too often they see the solution as merely improving the tools and platforms managed by their CIO and IT organisations,” he adds.
“But this is not sufficient. Information security is no longer just a technical problem handled by technical people. It requires systemic behaviour change in business process and by all employees.
Read more: Car dealership beats security password sprawl with Centrify
“And as more enterprises become digital businesses, they will require a digital risk and security program.”
In speaking with Gartner’s chief of research for security and risk, Paul Proctor, Sondergaard believes it is clear that CEOs must own the responsibility of redefining what security and risk means for their organisations as they become digital businesses.
To address these challenges head on, Gartner research strongly recommends that CEOs consider the role the digital risk officer (DRO), which is a new role or an expanded set of responsibilities for the chief information security officer (CISO).
Digital risk officer: A new year, yet another new role?
“As organisations, marketplaces, customers and every other factor impacting our strategy constantly change, new opportunities and risks inevitably present themselves to CEOs and senior leaders,” Sondergaard says.
“New roles with defined responsibilities are often created to focus the necessary time, resources and expertise on these issues so that, putting it simply, something gets done about it.”
