The roles of the CIO, and Chief Information Security Officer (CISO), have changed considerably over the past decade. Chief amongst these changes are that the security-based demands from company stakeholders have increased substantially as a result of major technological and cyber advancements.
Cyberspace is constantly evolving; its potential and real threats, vulnerabilities, complexity, and interconnectivity are always changing. The threat is asymmetric as activists, cybercriminals and nation-states disproportionately increase traditional information risks. In many organizations, cyber-security opportunities and risks have become a board-level issue, so the CIO, like the CISO, must engage at the boardroom level, where information strategy and risk should sit comfortably with other types of strategy and risk that the board oversees.
Information Security Under Pressure
Highly publicized breaches, and more stringent regulations, have put the spotlight on information security in most organizations around the world.
In a recent report, “Estimating the Cost of Cybercrime and Cyber Espionage,” conducted by the Center for Strategic and International Studies (CSIS) and sponsored by McAfee, it is estimated that cybercrime and cyber-spying are costing the U.S. economy $100 billion each year and the global economy perhaps $300 billion annually. Malicious cybercrimes are estimated to cost as many as 508,000 jobs in the U.S. alone. This has put unprecedented pressure on C-level executives to assure stakeholders that sensitive information is secure. And as information security moves up senior management and the board’s agenda, pressure will continue to mount. Like CISOs, CIOs must be able to shape the message and relay their successes to the board to sustain high-level support for security initiatives. A recent CEO survey, conducted by PwC in its Annual Global CEO Survey 2013, cited cyber-security as having the third highest possible impact on organizations—even ahead of a natural disaster disrupting a major trading and manufacturing hub or military tensions affecting access to natural resources.