
Hidden stakeholders: Why CISOs hold the key to successful digital transformation


Digital transformation is now omnipresent. Companies are rapidly modernising their infrastructures and processes to improve customer service, application development, supply chain collaboration and much more. According to our research, the vast majority of businesses (74 per cent) are engaging in some level of digital transformation today, with most deploying projects at enterprise scale. 

That said, there are interesting differences between the priorities of various teams when it comes to these projects, both in terms of initiative types and the goals behind them. Most notably, senior IT leaders tend to target productivity, while business executives are typically motivated by reducing costs. Mitigating risk exposure, however, falls bottom of the list for both.

Businesses are employing everything from foundational technologies like cloud to emerging initiatives like DevOps and robotic process automation to boost productivity, increase revenue opportunities and reduce costs. However, these new technologies and processes also create novel risks and operational challenges that should not be ignored.

Aligning priorities across teams

The role of the Chief Information Security Officer (CISO) is integral to the success of digital transformation (DX) initiatives. Clearly, these projects bring a fair degree of risk. But all risk, whether operational, regulatory or cybersecurity-related, must be weighed against the greater risk of doing nothing and falling behind in the market. CISOs can help business stakeholders make this case by demonstrating how cyber-risk can be managed, even as enterprises open up to the digital world. Nearly half (44 per cent) of the participants in our study said digital business projects would move faster if security leaders were involved from the outset – leading to faster time to value.

Yet, despite this, most companies aren’t making security a strategic priority as they embrace transformative technologies. Most organisations don’t have a dedicated security team in place responsible for DX and only 38 per cent report that CISOs are brought in at the beginning of these initiatives.

That could be because many view CISOs as ‘functional managers’ rather than strategic advisors who can help guide digital business strategies. In fact, 40 per cent report that they would either find workarounds or move forward without security’s approval if security teams deemed their proposed initiative too risky. This shows a clear disconnect between perception and actions. Although security is widely considered crucial to DX initiatives, not enough is being done to involve security teams from the beginning. This could be attributed to cultural issues within organisations, the need for speed trumping strategic business counsel, or the lack of support from other business leaders. It could also be a dangerous mixture of all these scenarios.

Creating a security-first mindset

While DX programmes offer a significant opportunity for CISOs to demonstrate their strategic acumen, a security-first culture starts at the top. It’s not just up to CISOs to “lean in” more. Driving meaningful change within an organisation requires the rest of the top line business leaders to champion the importance of security throughout the project, and ensure it cascades throughout the organisation. However, there are some actions CISOs can take to drive this change.

For instance, CISOs can adopt a more strategic approach, instead of simply focusing on the day to day management of technologies and systems. This involves aligning themselves closely with the business objectives of digital transformation projects. CISOs can also conduct thorough research into potential security tools and how they relate back to these objectives. These insights can then be used to formulate a solid business case, including clear examples that show how security can impact, but also enable, DX projects.

As CISOs forge relationships with other C-suite colleagues across the business, they should learn about DX projects as soon as they’re hatched. With business acumen in hand, they can proactively drive projects on their own by asking business unit leaders about the key technologies they lean on in relation to market dynamics or industry trends. They should also be able to predict when the CEO, CMO, or CFO is going to need to deploy technologies within DX projects and lead this by bringing the technology in question – and the accompanying security measures – to the table.

Beyond accelerating the speed of change, there are other benefits to having security leaders involved earlier in DX projects. These include improving the quality of outcomes, having foresight of project requirements and risks, and a greater collective appreciation of the role of security. Early engagement with DX projects also allows CISOs to understand the parameters for success from the outset and align themselves accordingly.

Prioritising risk mitigation

Although minimising or reducing risk exposure is not among the top DX priorities, building cyber and privacy risk management into all digital initiatives is another area where CISOs can add considerable value to transformation efforts. A recent IDC report corroborates this by noting that risk mitigation in digital transformation projects provides a ‘perfect opportunity’ for CISOs to play a role in the strategic direction of their business. By improving risk confidence, security leaders can ‘make waves at the board level’.

Risk mitigation must work across any and all transformational efforts, whether they’re focused on cloud, robotic process automation (RPA), DevOps, or business-critical applications. The common theme among all projects is the need for secure access at all times. This also involves protecting the privileged accounts and credentials with access to the critical functions and data that support these technologies. It’s critical to provide this credentialed protection across an organisation’s entire digital business: on premises, in the cloud, and in hybrid cloud environments.

Companies must be able to move fearlessly into the new digital landscape. Privileged access security provides CISOs with the ability to proactively address the expanded digital attack landscape, secure data, and strategically address risk mitigation for their employers.

The evolving and expanding cyber-threat landscape has proven that security concerns nowadays must be considered at the very beginning of any IT project. Transformation initiatives deserve heightened security consideration and CISOs deserve a seat at the table from the get-go. Business leaders must acknowledge security’s ability to shape and accelerate digital transformation initiatives – and elevate and empower CISOs to drive these changes. Organisations that get this right will be best equipped to move fearlessly forward in the new digital landscape.

Justyna Kucharczak, Senior Product Marketing Manager, CyberArk