India's largest platform for AI & Analytics leaders & professionals

Sign in

India's largest platform for AI & Analytics leaders & professionals
Become a Thought Leader
Become a 3AI Member

Sign in

3AI Digital Library

< Go Back

How CIOs are looking at crafting cybersecuirty strategy

3AI June 23, 2019

The failure to manage cyber risks will disrupt digital business in the current era and expose organization to possible impacts beyond opportunity loss. The degree to which CIOs involve in digital risk management will be a critical factor to circumvent such perils.

Digital advancements and change in the technological paradigm such as cloud, IoT and mobility have made cyber security an absolute necessity to safeguard enterprises from ransom ware.

The problem in front of CIOs is not only unregulated IoT devices in the enterprise , but also the nature of the devices themselves. Security needs to be improved in the design process and is the top strategic pillar of priority.

In the face of increasing cyber-attacks and more multifaceted, stringent data privacy laws, security has become a priority discussion in the boardrooms of organisations across different industries.

In this blog, I would like to explore the key drivers to implement a cyber security strategy and some of the preventive measures in case of threat to business. It also illustrates some latest information on cyber security solutions and the organizations response to dealing with the cyber security skills gap. It also analyses on how CIO’s are handling and prioritizing the changing cyber-security landscape.

As CIOs decide on risk levels they’re equipped to accept and pursue their security objectives, as information/data becomes critical for businesses.

Executive engagement towards cyber security

Cyber security accountability must lie with the CIO, but the culture of security needs to be adopted by the whole enterprise. Principal causes of cyber security occurrences result from employee negligence. CIO’s efforts endure to flounder against the number and variations of different cyber-attacks which keeps increasing continuously.

To combat and recognize these threats effectually, CIOs and IT executives need to cement an effective IT security strategy that enables the right tools and technologies at the same time foster a culture of security.

Several mechanisms together with a charter, policy, strategy and governance mechanisms form a digital cybersecurity program that delivers the suppleness required to enable business plans, notify risk trade-offs and respond to ever-changing threat environments.

There are no prescriptive approach  organizations that give comprehensive assurance that all rational steps have been implemented. CIO’s plays the imperative role  for setting direction for the organization to evaluate their own situations and assess a number of factors to make an informed judgment according to different scenarios.

The CIO becomes the key anchor emphasizing the linkage between business and cyber risk. This needs to be accomplished across, technical, non-technical staff, with the influence from the board. This is a critical time for CIOs to be thoughtful in their implementation and communication framework of cyber risk management issues across the stakeholders in the business. Prioritizing organization’s restrained business design and environmental factors, the CIO will be in a position to cover external threats and regulatory requirements

CIOs can’t shield the organizations on all type of risk and is practically not viable. It is imperative to  create a sense of balance between sustainable set of controls to protect their businesses with their need to run them. Taking a risk-based method will be a critical point to establish target levels of cybersecurity readiness. Budgeting alone does not create an environment for improved risk posture, CIOs must prioritize security investments to ensure that there is a true value for budget assigned on the right things this needs to be based on business outcomes.

Attacks and compromise are inevitable, and, by 2020, 60% of security budgets will be in support of detection and response capabilities.” — Paul Proctor, Gartner vice president and distinguished analyst

Cyber Security Sequence CIO’s could consider:

Consider a robust Risk-Based Method to Improve Business Outcomes: Cybersecurity issue requires judicious risk management that can be done effectively. This approach should be measurable and most importantly enable decision making and executive engagement.

Establish Cybersecurity and Risk Governance to enhance Information Security:

Effective governance is a cornerstone of security programs, CIO should ensure there is right leadership for risk management to support and implement governance and mitigate the risks for assurance.

CIOs Should Mitigate Cybersecurity risk have aligned to the Lens of Business Value:

Postulates that CIOs should address cybersecurity challenges like a business function. This will enable them to bring levels of protection that support business outcomes in accordance with the business value.

Cybersecurity is complex, it requires a specifically designed program that enables resilience, agility and accountability

 Organizations that rely on obsolete, basic approaches towards security program management will continue to experience incompetence and internal disconnects. This will reflect in failure to deliver optimum business results. Organizations that roadmap more complex, but agile approach will position themselves for digital business success and resilience.

 The cyber threat landscape continues to evolve with significant attacks happening, especially over the last decade. The changing paradigm of businesses in adopting IoT has a surge in these attacks. Greater amounts of threats coming into that space has a direct relation to consumer related devices, in the form of machine to machine traffic for businesses.

A CIO has an imperative role to instate security across  the organization and business lines. The responsibility extends for effectively handling risk mitigation that span the spectrum across the entire organization. This needs a laser focused approach that is ingrained into the daily operations of the IT setup but as well for the enterprise, products they deliver in the form of digital services.

The CIO’s role in security makes them suitable by the fact that they understand the consequences of technology. As enterprises endure digital transformation, CIO’s recognize that a lot of value comes in the information and delivery of those digital assets. The CIO is equipped with top notch expertise within the organization to comprehend different risk scenarios and successfully implement it across multiple cross-functional areas.

Related Posts

AIQRATIONS

    3AI Trending Articles

  • Transforming Customer Experience through Unified Business Functions

    Author: Souvik Das, AVP – Platforms & Offerings, Genpact Digital and Pramit Dasgupta,VP – Platforms & Offerings, Genpact Digital The recent pandemic has changed customer expectations and interactions in many ways. Forever. As organizations evolve through the new normal and gear up to satisfy their customers, there is a need to rethink and redesign how […]

  • The Role of Emotional Intelligence in an AI-Driven World: A Crucial Human Skill for Symbiotic Relationships

    Featured Article: Author: Anees Merchant, EVP, Global Growth and Client Success, Course5 Intelligence The relentless progress of artificial intelligence (AI) is indisputable, and it is rapidly transforming many sectors worldwide, from healthcare and education to commerce and manufacturing. The term “AI-driven world” is no longer futuristic but a present reality. However, amidst this remarkable advancement, […]

  • IIT Kanpur introduces Master’s programs in Cybersecurity

    IIT Kanpur has introduced three new cybersecurity postgraduate programs with intent to to address the need of cybersecurity personnel by ensuring training of dedicated and highly skilled manpower.   With a view to meet the shortfall in trained and skilled cybersecurity personnel in the country, the Indian Institute of Technology, Kanpur has decided to introduce […]

  • Automated Quality Excellence Framework for Data Science Modelling

    Featured Article: Author: Abhishek Sengupta, Walmart Global Tech India Introduction:  A necessary but often tedious task data scientists must perform as part of any project is quality assurance (QA) of their modules so as to prevent any unforeseen incidents during deployment. While Quality Assurance and Excellence is quite prevalent in Data Engineering, QE in Data […]