From Expectations to Reality

From Expectations to Reality

Against a backdrop of multiple global uncertainties, CEOs and corporate Boards want their technology and security teams to do more. They require a return on investment that includes risk reduction and business growth. To deliver on this vision, C-level leaders in information, technology, and security are walking the tightrope between innovation and protection.??

To understand how organizations are adapting to this new set of imperatives, we spoke to ten C-level technology leaders and heard their first-hand accounts. Throughout our cross-industry interviews, we found that C-level technology leaders are successfully proving that “innovation vs protection” can be a false dichotomy. In this first article in a three-part series, we spotlight how they are expanding the strategic impact of technology, while maintaining visibility and security.

A mandate from the Board

Our interviewees described working from home as a catalyst for an increased focus on cybersecurity among CEOs and Boards. The potential attack surface is now as boundless as an employee’s home office or local coffee shop. This decentralisation means C-suite technology leaders need to articulate the business value and vulnerabilities of technology to a wider array of senior stakeholders. Yet, it’s harder than ever to have visibility over this ever-increasing estate of digital assets.

Those we spoke to were honing in on the business imperatives and reframing technology investment around capabilities, with a focus on yielding profitable sustainable growth. They have moved from what one interviewee described as an “inward-focused technical role” toward one that “interacts with every part of the business”. With this new perspective, they need access into and visibility of every department and device to adapt to or simply understand an array of new and novel risks.

C-level collaboration

As the security and robustness of technology choices are increasingly in the spotlight, CIOs, CISOs, and CTOs are collaborating to cross-pollinate expertise, gain more visibility, and deliver one united strategic vision.

“The CISO is now a business advisor, it’s no longer a role which focuses on a very narrow channel of developing and optimising technology.” Manish Chandela, Group CISO, Unipart Group

While we found that reporting lines varied, a clear strategy of elevating the role of the CISO was evident among many interviewees. They are working more closely with the C-suite, lines of business and the Board to tackle security risks head-on.

The business-wide impact

“A good CIO should worry about their people, not only their technology”. Yanna Winter CIO for Global Corporate Affairs, Generali

The majority of interviewees acknowledged there are ongoing challenges relating to the recruitment of security professionals, the enablement of employees in general, and the ability of security teams to keep pace with the speed of technological development.

To address this, we discovered that C-level leaders were increasingly automating patch delivery (as one of many capabilities) to scale solutions at speed, particularly in the cloud to free up capacity in their security teams.

Once in place, C-level leaders were more able to drive strategic programmes to democratise information security management. Information Security management principles were introduced at the earliest conception of digital transformation projects to upskill everyone in security practices from the get-go.

“Education across the organization is as important as the build. By placing security front and centre and at the heart of teams, you begin to spread that knowledge across the entire organization.” Ed Alford, CTO, New Look

Through our interviews, we found that the expectations of senior technology leaders are continuing to grow. To rise to the challenge, they are breaking down silos to drive collaboration across the business. They are elevating security professionals and upskilling departments to educate on the risks and opportunities technology offers. But this winning strategy falls short in execution without the right building blocks. As C-level leaders drive forward ambitious new operating models relating to technology and digital assets, their visibility is mission-critical. For technology leaders, it may give them the chance to be both business innovators and protectors.

?

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.