CIOs are becoming increasingly important as cybercrime inflicts significant operational, reputational and financial damage, and company boards fear losses that might ruin business forecasts.
Regardless of the company size, though, CIOs and CISOs are perceived by CEOs and boards as the ones responsible in the event of a data breach. Not all IT executives have earned a seat in the boardroom or at the senior leadership table, and some are unlikely to succeed in a leadership role outside of information security, as recent reports state.
One in six CEOs consider that CSOs will have more influence inside the company than chief human resources officers. About 60 percent of CEOs also plan to take steps soon to convene multiple meetings with their cybersecurity team, and more than half will have CSOs meet with their board. Security’s arrival at board level is also confirmed by one in three CEOs who say they met four to six times in the past 12 months with their executive team or board of directors on cyber security.
As a result, CIOs will have the greatest increase in compensation in 2016 among IT specialists (from 4.4% to +6.4%, depending on the role). The average CIO will make $277,700 this year, according to a recent survey cited by HOTforSecurity. IT executives at enterprises with 1,000 or more employees earn $401,500, on average, compared to $189,420 at companies with fewer than 1,000 employees.
As encouraging as these figures may sound, CIOs should keep in mind they have to rise to the security challenge. If not careful, they may end up making mistakes that could cost them their jobs.
Here are the top five mistakes that can leave IT managers jobless:
Neglect DevOps and user expectations
Many traditional enterprises see their brands suffer when their IT department can’t keep internal software up to par with customer or internal user expectations. As we showed in 5 Ways IT Executives Risk Irrelevance, a huge contributor to that shortfall is the cumbersome nature of waterfall development and traditional software delivery processes. As performant IT departments are turning to DevOps and continuous delivery methods for a more sustainable, faster software development lifecycle, the main objective is to deliver smaller incremental code deploys on a more frequent basis through better collaboration between developers, operations, QA and even security staff to decrease the friction and failures that arise from them operating within their own silos. When done right, DevOps has been shown to help organizations pump out 30 times more deployments with 50 percent fewer failures. Executives who ignore the magnitude of these upsides do so at the risk of their careers.
Recent surveys show that three quarters of technology executives expect their companies to spend 1% to 5% of their revenue on IT security over the next 12 months, while nearly half of the companies report that IT business processes are not automated yet. A huge part of the continuous delivery value chain is the optimization of automation at all levels of IT: for infrastructure orchestration, test environments, build and deploy, performance monitoring or security, automation makes it possible to break out of the ruts that hold IT back from strategic innovation. IT must overcome these automation shortfalls to elevate itself in the ways line-of-business leaders demand, because CEOs won’t increase IT budgets as much as needed. Last year, Gartner predicted worldwide information security spending will grow 4.7% to reach $75.4 billion in 2015.
Fail to innovate and experiment
Continuous innovation and experimentation are key factors that help an organization shift from being one of the disrupted to one of the disruptors. IT executives are urged to find ways to help the business experiment through pilot projects, skunkworks divisions, hackathons and new internal collaborations. Achieving this aspiration starts at the top, with two key changes from IT executives: a shift to delegate creatively so there’s time to dedicate toward driving experimentation, and engaging in a transformation of leadership style that will be receptive to the new ideas these experiments reveal.
Get insufficient value from Big Data
Data-driven IT can help improve efficiency by tailoring system administration based on performance metrics, while data-driven security can help IT security and risk managers dynamically respond to threats in real-time. Most importantly, though, data-driven business decisions can fundamentally shape the way the enterprise manufactures products, develops services and markets them according to market trends. Using Big Data properly requires significant investment and collaboration between CIOs and the highest reaches of lines of business, which will take a significant effort in relationship-building.
Treat cloud as just a cost reduction tool
Three in four companies say cloud computing has given their organization a competitive advantage, with 71% expecting cloud to reduce complexity in their business, according to a study by Harvard Business Review. Therefore, IT executives who fixate on cost reduction are missing half the picture when it comes to cloud’s possibilities. It is true that virtualization and cloud infrastructure have brought huge savings to IT budgets. Even though these economic benefits are enough to start the adoption of cloud services, IT executives can face major security risks unless they define specific clauses in the contracts with their providers. Here is a useful guide to help you secure your cloud.
The cloud infrastructure also allows both small and large companies to experiment freely with new applications, establish better collaboration and connectivity of applications through APIs and continuously deliver software. The telemetry and tracking of the millions of devices that make up the Internet of Things could only be possible through the scale of cloud infrastructure designed to ingest all of that information. The magnitude of Big Data storage and analysis would ensure it was once only available to the most financially flush organizations. Now the cloud makes it feasible for even SMBs to take advantage.