The CIO/CSO Imperative: Strategic Conversations, Collaborative Partnership & Technology Involvement
Digital transformation in today’s business environment makes security even more of a priority. In the past year alone, the number of security incidents that occurred at enterprise organizations rose to more than 9,000;* and once exposure occurs, it’s too late. In the 2015 CIO/CSO Partnership Survey, 57% of top IT executives said that once a major security breach is publicized, the most common internal response is more scrutiny focused towards the IT department. Additionally, half say there’s more focus on the security department. Either way, both IT and security leaders realize the value of the other’s role in proactively addressing security within technology and the business. In fact, there’s no doubt that CIOs are sold on the value of CSOs as 77% say a top security executive is needed in order to elevate the focus on security within an organization. Both understand a strategic, collaborative relationship must be in place in order for projects to succeed within their organization.
Successful security collaboration is imperative, from a willingness to address issues often to holding discussions at the right project stages. Security concerns are widely discussed in the early stages of a project: 81% of CIOs report that security is discussed when determining technical requirements, closely followed by the evaluation of products and services stage (80%). Collaboration is also relatively frequent. Nearly two-thirds (65%) of CIOs interact with their CSO/CISO colleague at least once per week, and 78% of CSOs stated they meet with their CIO colleague at least weekly. Interaction doesn’t stop there, though. In order to establish a core partnership and execute a flawless security plan, tech and security executives have formal strategy sessions at least monthly, some even weekly. Within these meetings CIOs and CSOs discuss their main issues of concern, including:
Even with all of this collaboration, it is natural for co-workers, including top executives, to not always see eye to eye. When asked what is the single greatest risk to their enterprise from the IT department, the majority of security leaders said that IT will misconfigure existing technologies and expose the business to undue risks, followed by adopting new technologies that expose the business to risk, and not investing enough in information security. CIOs are well aware of these preconceptions – 36% think that CSOs/CISOs would say the greatest risk with IT security within their organization is that security decisions are made after business decisions. Despite this, CIOs and CSOs are on the same page about line of business risks.
As communication between top IT and security executives continues to increase, it is reasonable to wonder what else this relationship could do for the business and where it is headed. The CIO/CSO partnership ultimately depends on the organization and industry standards, but enterprises recognize the need for balance between IT and security, as well as the business, in order to create successful and secure projects.