3 factors CIOs must address to stay at the strategy table

What separates technology leaders who maintain a strategic role from those who get relegated to IT isolation?
526 readers like this.
devops trends 2020

As technologies continue to usher in fresh opportunities and threats in the age of digital transformation, CIOs and CISOs need to take action to prevent losing their standing and influence before important stakeholders. 

Forward-thinking CIOs and CISOs formulate the organization’s technology, information, and data strategies and convey them with authority to C-suite members and boards of directors. They also marshal teams with true expertise in the deployment of secure solutions, to give the business a competitive advantage. 

When CIOs and CISOs lose that strategic position and do not deliver the right advice to the organization’s executives, business owners may go outside their IT departments to address data-driven challenges and pursue digital solutions, without CIO or CISO input. 

[ See our related story, How to conquer inner fears that limit your career. ]

What separates technology leaders who seize and maintain a strategic role from those who are relegated to IT isolation? Consider these three factors:

Putting ROI of new technologies in context

Being a leader in IT and security means creating a bridge between business and technology needs. It means showing business leaders how technology catalyzes, rather than hinders, progress and innovation. Being a leader also means stepping past the familiar discussion of incremental returns from faster or cheaper systems – and the frightening and costly risks of a technology failure or cybersecurity breach – in order to show the transformational improvements that might be created through smart technology deployment. 

C-suite members might understand the business need, but not the newer technologies available to meet their need. The most effective CIOs and CISOs bridge that gap. 

Educating and guiding directors

Successful CIOs and CISOs are able to educate and communicate with boards of directors. Are you speaking in their language? I talk to many boards, and while the members are hungry for information about these issues, they struggle with context and practicality. For example, it might be easy to see technology’s role in an email outage, but less clear what role new technologies and information security play in preventing a supply-chain disruption.

Directors always understand the financial impact, and the more sophisticated CIOs are adept at translating their team’s work into the financial terms that board members get right away.

The SEC’s basic question: If you have a digital disruption, do you have a board member who can understand it and ask senior management the right questions? 

Meanwhile, the U.S. Securities and Exchange Commission (SEC) is getting more proactive about the impact of a digital disruption on a public company. The SEC’s basic question is: If you have a digital disruption, do you have a board member who can understand it and ask senior management the right questions? 

We can expect that boards of directors in general will become more sophisticated about use of digital technologies and their role in business operations. Boards of directors will increasingly ask the right questions, and they will understand what they hear. 

Rather than easing the burden for information and security officers, this trend will instead make it even more crucial for an organization’s technology leaders to convey a sophisticated, coherent, and strategic message about technology’s role in the business. 

If the CIO or CISO can’t, or doesn’t, someone else will. 

Taking smarter care of organizational data

Business functions, rather than IT organizations, controlled 46 percent of technology investments in 2017, increasing from 43 percent in 2016, according to CIO.com’s State of the CIO 2017 survey. Where does data reside in your organization, and who analyzes and reports it? The head of that business unit is going to earn more authority and credibility among the organization’s leadership. When chief marketing officers, for example, control vast amounts of an organization’s data, CIOs can be seen as having a limited, operational scope. 

An example of where I see at least half of CIOs and CISOs missing an opportunity to add a layer of strategic thinking to data and information is in data classification. Of course, valuable and sensitive organization data must be protected. But too many organizations get along without a data classification system to sort the important and sensitive from the trivial and inconsequential, even amid the torrential proliferation of data experienced by almost every business of every type. 

Without such a system, organizations are left with no option but to protect every single piece of information as though it were the most critical. In essence, a lot of energy is spent protecting information that isn’t that important. 

If, on the other hand, you institute a good data classification protocol, you can focus on the data that is critical to your business. Through this exercise, you can organically clarify which data is most relevant to other business needs. 

In summary, failing to do these things might not have immediate consequences – and perhaps you’re not doing all of these things right now. But by neglecting these aspects of your leadership role, you will cede that responsibility to someone else. On the other hand, by paying attention to them, you will bolster your credibility in the age of digital business. 

Want more wisdom like this, IT leaders? Sign up for our weekly email newsletter.

Raj Chaudhary is a principal in Crowe Risk Consulting and is a leader of the Cybersecurity Risk Consulting group. He also serves as senior vice president of CHAN Healthcare, a subsidiary of Crowe Horwath LLP.