A new report out today shows that traditionally focused CISOs and cybersecurity leaders are significantly more likely to stymie digital transformation efforts vital to the business than their more strategic peers.
Conducted by Market Strategies International on behalf of Titus, the study surveyed 600 IT executives across North America and the UK about the relationship between innovation and risk.
Most notably, it broke out security respondents based on their self-identified primary professional motivators. The first contingent were the more traditional breach-blockers in chief, those conservative security leaders who stated they’re primarily motivated by fear of breaches and data loss. The second group were the strategic security professionals, who stated they were motivated by safely enabling innovative new processes or products.
Whereas only about 58% of the first group say their organizations see security as a strategic advantage, 94% of the second group say the same. Accordingly, only about 52% of the conservative security leaders report that the security team is involved in strategic decision-making about digital transformation, while a full 96% of the strategic thinkers report they’ve got a seat at the transformation table.
All of this boils down to a rift between the two groups that’s separating organizations into the haves and the have-nots of digital transformation. While 76% of the strategic security professionals believe they will prepare their organizations to achieve their digital transformation goals in the next five years, just 54% of the traditional security professionals believe they will be ready by then.
“In speaking with organizations of all sizes, it’s clear there are two approaches to security–one where you view it as enabling your business, and one where you view it as a cost of doing business,” said Jim Barkdoll, CEO for TITUS. “Adopting a strategic approach to security is a game changer.”
The good news is CISOs were more likely to be represented in the pool of strategic thinkers than those with the traditional security mindset. More than half of the strategic group was made up of CISOs, while only about a third of the conservative group was similarly titled.
This reflects a growing trend seen by security pundits like Rohit Ghai, president of RSA Security, who say more CISOs today are taking a nuanced business view of their role in the enterprise. He says that he sees a “significant percentage” of security leaders involved in digital transformation efforts today.
Where he believes even the more involved CISOs need to improve is in getting themselves inserted earlier in the strategic discussions.
“The problem is that while, yes, they are involved, they’re frequently involved as an afterthought,” he says. “The very first meeting that an organization sets to plan its digital transformation journey should have risk and security leaders participating. The future opportunity isn’t just participation, but timely participation of the security stakeholders.”
Ghai says that this is going to require CISOs to flex their collaboration skills. To make security a firmly embedded part of digital transformation, cybersecurity leaders must be able to engage well with three major groups of stakeholders. Those include business stakeholders, CIOs and IT leaders, and enterprise risk executives who are thinking about every kind of risk from terrorism to weather-related risks.
“Cybersecurity and digital risk management is a team sport,” he explains.
In order to truly hit the mark with those core business stakeholders, Ghai also believes that CISOs must work hard to “bolster their business acumen.”
“They need that innate sense of what’s important to the business and how to apply business context to security,” he says. “Most CISOs have a great technical pedigree. I think they need to invest not only in management skills, but also business skills.”
That’s crucial in an era where CEOs view digital disruption as their number one risk, above cybersecurity and all other risks.