The events of 2020 altered our perspectives on technology, work, life, and society. Some roles within the organization subsequently changed. Take the Chief Information Officer (CIO) as an example. This role is unique because it was already evolving to accommodate organizations’ business environments, a process which required the CIO to begin working with the Chief Technology Officer (CTO) and other C-suite acronyms more closely.
So, how have things changed for CIOs since the pandemic?
To answer that question, I sat down and asked a group of our council members to learn about the challenges CIOs face and what the future holds. It is my pleasure to present this report with some of their thoughts reproduced below.
Finding #1: CIOs Have Begun to Focus on Security Through Loyalty
Organizations’ shift to remote work proved that security doesn’t need to happen in the office.
Troels Oerting, chairman of the board of the World Economic Forum's Centre for Cybersecurity (C4C), told me that organizations’ shift to remote and hybrid work has elevated the challenge of creating a workforce that’s loyal to existing security policies.
“Although self-directed work may become more feasible as people grow into their work-from-home skills,” he explained, “how do you create loyalty to a workplace that you have never been to? How do we make sure that we create this bonding within a workspace so that people will not cheat or be negligent? With a trusted role like a security practitioner, it becomes quite difficult with staff who have access to the crown jewels; and not just the security people – it’s all those who have access.”
That’s especially the case for remote workers who receive access to resources with fewer safeguards in place. These conditions are conducive to social engineering attacks and other digital crime attempts. In response, CIOs might find themselves needing to pay a bonus to cover the expenses of these employees showing up in person at the office.
Finding #2: CIOs Must Embrace a Holistic Security Approach
Years before the pandemic struck, organizations first began adding Internet of Things (IoT) along with Industrial Internet of Things (IIoT) devices to their networks. But they didn’t always take the proper precautions to secure those devices. That explains why we heard so many stories of malicious actors misusing smart technologies such as cameras, doorbells, and nanny cams.
Ellen Boehm, VP of IoT strategy & operations at Keyfactor, explained to me that these incidents nonetheless served a crucial purpose—in her words, “driving elevated awareness around security as well as the liability that they bring, not just to developers and manufacturers of the devices but also to those who use them.”
That’s a crucial point. How can you have a conversation about IoT and IIoT security without referencing the user? Whatever safeguards the user implements are just as crucial as whatever security measures the developers and manufacturers decide to take. They all inform IoT and IIoT security as a business priority. They’re equally important.
The same is true from an even higher view of the organization, as well.
“It's old-fashioned to talk about physical security, information security, and digital security,” Oerting explained. “Security is security, since it is all interlinked already.”
To adopt this consolidated view of security, CIOs will need to take the lead in facilitating cooperation both inside and outside the organization. For instance, CIOs will need to help the IT department to think about the solution and threats more holistically. They will also need to work with IT to elicit more knowledge and collaboration from suppliers and competitors.
Finding #3: CIOs Will Become More Cross-Functional
Boehm feels that these holistic efforts will ultimately reshape the role of CIO.
“CIOs are going from managing costs, driving efficiency, and focusing on internal operations to being more involved, more visible, and more strategic in terms of growing the business by leveraging technology,” she told me. “There’s a lot that can be brought to the table when it comes to things like supply chain integrity and implementing this zero-trust mentality, and that's where I see the CIO heading.”
But CIOs can’t do it all. If they’re going to be focusing on these business issues, someone else will need to take up the CIO position’s traditional responsibilities.
“Divesting responsibility might be the key after all,” pointed out Rick Robinson, principal and trusted advisor at Goldbug Technology Consulting.
This might involve distributing some of the CIO’s duties among people who focus on protecting the organization against attack or who are responsible for leveraging technology to be competitive. In doing so, the CIO will become less of a top-down authority and more of a leader.
“The future CIO must become a force that drives the digital transformation rather than just focusing on how it works,” clarified Arthur van der Merwe, information security and industry compliance manager at Australian Payments Network.
The Evolving Role of the CIO
I’d like to thank all the council members including those quoted above for taking part and providing great insight. Looking back on what we discussed, it’s clear that the CIO still has a unique and highly valuable role to play, one that is evolving while remaining focused on clear goals. The CIO balances responsibilities with the CTO, typically by looking inward and aiming to improve processes within the company, while the CTO looks outward, using technology to improve customer-facing actions. As such, the position is moving quickly from being an administrator to becoming a trusted advisor to the rest of the company.
Want more insights into the future role of the CIO? Read the full Data Security Directions Council 2021 report to learn more.