CIOs and CISOs must work closely with the C-suite to justify security budgets.
As C-Suites work closer with technology, enabling them to explore more data-driven, real-time enhancements of the business than ever before, CIOs and CISOs have to be able to guide them and help them along the digital transformation journey.
Richard Watson, EY Asia-Pacific Cybersecurity Risk advisory leader and Keith Yuen, EY Greater China Advisory Cybersecurity leader told CIO Tech Asia, CIOs and CISOs have to engage with their boards more regularly and reach out across the business to forge new alliances with functions with which the CIOs and CISOs traditionally have little contact.
“More CIOs and CISOs must now consider how they can raise their profiles and be seen as innovators within their organisation in pursing the commercial goals,” they said. “By doing so, CIOs and CISOs can contribute to their organisation in a more business-driven, value-added way.”
In other words, they must “communicate in a language” the board can understand and consider a risk quantification program to communicate cyber risks more effectively.
“Additionally, CIOs and CISOs must showcase results to the C-suite board in order to secure and justify cybersecurity budgets,” they said.
The critical element for C-suite leaders to keep up with the ever-changing digital landscape is not about equipping themselves digital skills; it is about communications between the board, the C-suite and senior leaders.
Traditionally, CMOs have focused on only demand generation and lead generation, which exist primarily on the top of the funnel.
Increasingly, CMOs are working with CIOs to leverage data and technology to connect all the experiences and provide a more personalised customer journey and, ultimately, to increase the business impact and drive the results that the full C-suite needs to succeed.
Meanwhile, CFOs are playing a larger role than ever in really driving the digital transformation of the customer experience given the critical business case that must be made.
“Emerging technologies today require CFOs to be engaged in identifying what technologies should be deployed to create value,” said Watson and Yuen. “CFOs need to work with chief technology officers (CTOs) and CIOs to understand the real use cases in the business, understand the investments required and define the metrics to measure the return on investment.
CFOs recognize that the right data and technology investments for the short and long term can make a competitive difference in driving growth and value.”
Both Watson and Yuen agree that with stronger relationships at business and board level, a better understanding of the organisation’s commercial imperatives, and the ability to anticipate the evolving cyber threat, CISOs can become central to their organisations’ transformation.
In EY’s study, Tech Horizon: Leadership perspectives on technology and transformation, there are some habits of business leaders to drive digital transformation:
- Focusing on customers, first and foremost
- Embed a focus on customer centricity across the entire company, not just in customer-facing roles. Make it a declared value of your organisation or pillar of your strategy. Make everybody – at every level, in every division – regularly read or listen to customer feedback.
- Create a continuous, closed feedback loop between the customer and the company. That will allow you to address customer comments in real time and involve them early in research and development efforts so that future products, services, and experiences are more likely to exceed their changing demands.
- Accelerating artificial intelligence (AI) to drive growth
- Assess current processes, products and services that can be improved through AI.
- Build completely new use cases from the ground up.
- Develop a robust value-measurement process, so companies can better monitor and assess the benefits they are receiving from the solution.
- Driving innovation through ecosystems and partnerships
- Proactively explore the areas of value that are too challenging or require too much investment of capital to achieve with existing capabilities.
- Scan the market to identify potential partners, undertaking “art of the possible” discussions before launching into the specific legal and contractual nature of the relationship.
- Dedicate ample time and resources to culturally embedding the relationship across the organisation.
- Articulate the value for customers and employees.
- Establish a recurring review process to allow all parties to generate and receive value from the ecosystem.
- Be sure to set up an effective relationship-management process supported by robust enablement services.
- Nurturing talent with new incentives and strategies
- Build out a deliberate, data-based workforce strategy, starting with knowing what talent you have and what talent you need going forward. Understand future talent skills gaps (and surpluses) and implement “build, buy and borrow” talent interventions to support the achievement of business strategy.
- Create a culture of continuous learning and develop a learner experience that allows for the development of skills in a learner-centric way. This needs to be backed up by a consumer-grade learning experience and supporting technology. Employees are the lifeblood of any business, so it’s essential they have the skills they need to thrive and deliver real business value.
- Understand that investing the bare minimum in skills is a false economy and will negatively impact customer experience.
- Invest in skills across the organisation. Link employee attainment to resourcing decisions and pay close attention to creating a workforce that encompasses a diverse set of skills at all levels of the organisation.
- Activating governance plans for emerging tech
- Establish key functions within the business that are supported and empowered to establish standards and policies around governance, privacy and the ethical use of technology.
- Ensure these teams are aligned with other internal teams and functions, so they work together, not against each other.
- Align innovation and corporate governance teams early in the innovation cycle, so technology is more likely to be developed ethically and with good governance.
- Avoid organisational structures and corporate governance that stand in the way of creative thinking by motivating business leaders to support the development of fluid teams through agile working models.
- Powering innovation by leveraging data and being agile
- Understand and respect the significant value data can deliver to your business, underestimating it at your own risk.
- Ensure data is trusted and has meaning. It must be clean, of high quality, compliant and secure.
- Embed data at the heart of the business. Moving data out of the operational business is inefficient – instead, organizations must connect the “brain” of the business (the data) to the “body” (operations).
Communications between CIOs and the board, the C-suite and senior leaders is the key to help the C-suite leaders to under how to leverage new technologies to drive business growth.
“CIOs should establish cybersecurity as a key value enabler in digital transformation. They should bring cybersecurity into the planning stage of every new initiative,” said Watson and Yuen. “Take advantage of a Security by Design approach to navigate risks in transformation, product or service design at the onset (instead of as an afterthought).”
To assist the C-suite leader better understand the risks, CIOs can help implement governance structures that are fit for purpose — develop a set of key performance indicators and key risk indicators that can be used to communicate a risk-centric view in executive and board reporting.
According to EY Global Information Security Survey 2019-2020, the most challenging aspect of managing cybersecurity operations in Asia-Pacific is “procuring or justifying budget” (16 per cent), followed by “proving to the board / C-suite that cybersecurity is performing in line with expectations” (15 per cent).
The new skills required from the CISO, which includes commercial expertise, will be accompanied well with strong communication skills, allowing them to work collaboratively within an organisation to communicate the value of cybersecurity by setting up clear key performance indicators and board reporting systems.
C-Suite executives need to recognise that technology is only one part of the equation. Everyone, at every level, needs to be vested in digital transformation in order to stay ahead of the competition. CIOs should communicate thoroughly with their C-suite peers and evaluate where technology can be applied to help drive business growth.
“Emerging trends such as 5G, AI, IoT, blockchain need a digitally strong workforce that can lead the data-driven transformation,” Watson and Yuen said. “Therefore, it is important for an organisation to re-skill and up-skill employees including C-suite leaders to navigate the ever-changing digital landscape. They should identify gaps in their skillset.”
With more people spending time online for consuming and accessing information and services, the chief marketing officer (CMO) of all enterprises will have to reassess their role as they shift from a campaign-focused to a more customer-focused style of working. A low-risk environment must be guaranteed as the market evolves and rely more on digitisation and data-driven strategies.
In addition to maintaining close communication with their chief technology officers (CTOs) and chief information security officers (CISOs) to ensure market development does not disrupt critical services and information security, the new age CMO must understand:
- Importance of data privacy: From a cyber point of view, the CMO’s chief responsibility is to ensure their teams understand the value and privacy of the data they are handling. Often marketing teams have access to the “crown jewel” of the business – the customer relationship management (CRM) database – and can access personal information of customers. It is critical that that personal information remains in the corporate cloud and is accessed remotely via VPN, and that is it not downloaded to home computers to design, create and run campaigns.
- Unstable cloud operations: Separate, non-IT approved clouds should not be set-up – this only fragments customer data more, and potentially exposes it to an insecure environment, and can even breach regulation if the cloud is not in your home country.
Tags: AI & Machine LearningCIOCISOsCOVID-19digital transformationGIoT