4 data challenges for CIOs

Tapping the business value of data while keeping it secure is a complex balancing act. Check out this advice on how to tackle four top priorities.

In 2023, CIOs are at a crossroads with what some may consider a company’s most valuable asset – its data.

On the one hand, data is extremely useful for decision-making, targeted marketing, and optimizing business performance. But on the other hand, data can be a source of risk. Data breaches can be devastating, improper data storage is a huge liability, and new regulations punish those who botch data privacy and compliance.

As overwhelming as data management may seem against this backdrop, it’s possible to keep data safe while fully calling on its benefits.

Here are four key challenges CIOs face in 2023 and ways to resolve them.

1. Ensuring compliance with ever-changing regulations

Data breaches are always in the news, and lawmakers are responding with increasingly robust legislation. As a result, CIOs are dealing with information overload. Privacy laws passed years ago are now coming into effect, such as the California Consumer Privacy Act (CCPA), while major new laws may soon pass, including the American Data Privacy and Protection Act.

Existing laws are under constant review, and dramatically increased financial penalties are among the most significant changes. For example, in November 2022, Australia approved a new minimum penalty for data mishandling of AU$50 million – 25 times greater than the previous maximum.

CIOs of multinational companies must account for the laws of every region they do business in and the laws protecting every individual using their services. This makes the margin of error for improper data handling very slim, as a single breach could trigger dozens of penalties.

The first step toward facing regulations confidently is creating a comprehensive data inventory across the business. With that awareness, you can determine all data and privacy laws that affect your organization. Too often, CIOs are surprised at the data they discover while making a compliance plan and the laws for which that data holds the company responsible.

2. Exposing data blind spots

CIOs are becoming more aware that they cannot afford to have hidden stores of data or data that exists in silos. Siloed data may be unknown to the teams that can derive the most value from it, which undercuts its value. And if there are data stores that are completely unknown to a company, there’s no way to protect them.

Question your past assumptions about how and where your organization stores and processes data. The results of an end-to-end data discovery process across the network will bring to light previously unknown security issues.

To better understand the flow of data, open lines of communication throughout the company. Meet with people at all levels, including the CISO, security manager, operations manager, IT service manager, and individual IT staff, to ensure everyone’s data usage and goals align.

Ask employees their perspective on what’s working, what changes must be addressed, and where data blind spots may be. Involving all departments responsible for data improves knowledge and skills and ensures a stronger data strategy overall.

3. Preparing for breaches

The evolution of AI and machine learning has given bad actors new tools to fool otherwise-vigilant employees into relinquishing valuable information. ChatGPT allows anyone to write formal-sounding messages, and new deepfake technology has introduced the threat of highly convincing audio- and video-based phishing attacks.

Increasingly, organizations need to plan for when – not if – they suffer a breach. The CIO and CISO must work together to promote best practices for data security across all levels of the business. Agree that data is worth retaining only if it has a defined business purpose. Then use methods such as anonymization, encryption, or tokenization to protect the data that remains and make it worthless if stolen.

From the executive angle, help leaders understand the risks associated with data, particularly business-critical and sensitive personal information, and the importance of safeguarding all data of value.

There may be resistance from chief marketing officers (CMOs) and others who want to collect as much data as possible for its analytics potential, often at odds with the organization’s compliance and security obligations. Here, CIOs play a crucial role. You can likely mediate between the liability-focused CISO and the more opportunity-focused CMO.

For employees, this means conducting or implementing effective training for the entire company. This training, along with company-wide conversations and awareness programs, must happen before thieves attempt a data breach, not after.

4. Navigating resource and budget cuts

Thanks to recent widespread budget cuts and layoffs, many companies have fewer resources and people to handle the same amount of work. While this may demand tough decision-making about what to relinquish, don’t rush into any decisions. It’s worth determining whether current operations are maximally efficient or if there are ways to improve how the firm handles day-to-day processes.

Determining efficiency depends on the data that routine operations generate. For example, some functions may generate timestamps, which can be used to determine how efficient those processes are. From there, monitor changes in each process, reviewing timestamp data to determine any improvements.

Further efficiencies may be possible through automation. To automate processes, businesses need to understand the flow of data in existing operating procedures. Building automation on this foundation enables maximum efficiency gains with minimal risk. Once your organization has optimized efficiency where it can, decide what cuts to make while still getting the job done.

The challenges CIOs face are substantial, but so is the payoff for working through them. If you know which regulations apply to your organization, you can build a compliance plan that helps avoid penalties and build trust with employees and customers.

Fostering conversations at all levels of the company facilitates a comprehensive data strategy that balances the business need for data with the responsibility to protect it. And maximizing efficiency allows companies to lower the impact of resource and budget constraints on operations, even in tough times.

Ground Labs Co-Founder and Chief Evangelist Stephen Cavey leads a global team empowering enterprise organizations to discover, manage and secure sensitive data. He has deep security domain expertise focused on electronic payments and data security compliance.