The information security function within business has gained the rather unfortunate reputation for being the department of “no”, often viewed as a blocker to IT innovation and business transformation. A department seen as out of touch with genuine business needs, and with the demands of evolving workforce demographic of increasing numbers of numbers Millennials and Centennials. However, new research by IDC\Capgemini reveals that attitudes are changing, and business leaders are increasingly relying on their Chief Information Security Officers (CISOs) to create meaningful business impact.
The study bears out a shift in executive perceptions that information security is indeed important to the business. With the modern CISO evolving from that of a responder, to a driver of change, enabling to build businesses to be secure by design. The survey found CISOs are now involved in 90% of significant business decisions, with 25% of business executives perceive CISOs as proactively enabling digital transformation, which is a key goal for 89% of organisations surveyed by IDC.
Key findings from the research include:
- Information security is a business differentiator – Business executives think the number one reason for information security is competitive advantage and differentiation, followed by business efficiency. Just 15% of business executives think information security is a blocker of innovation, indicating that information security is no longer the ‘department of no’
- CISOs are now boardroom players – 80% of business executives and CISOs think their personal influence has improved in the last three years. CISOs are now involved in 90% of medium or high influence boardroom decisions
- CISOs must lead digital transformation efforts – At present, less than 25% of business executives think CISOs proactively enable digital transformation. To stay relevant, CISOs must become business enablers. They need to adopt business mindsets and push digital transformation forward, not react to it. CISOs that fail to adopt a business mindset will be replaced by more forward-thinking players.
CISOs have made great leaps forward
- Focused on making security operations effective and efficient
- Engaged with the rest of the business
- Seen as key SMEs to the board
- Responding to business requests and enabling change
CISOs now need to pivot to because business leaders
- Need to be part of the business change ecosystem
- Must be seen as drivers rather than responders
- CISO as entrepreneur and innovator