
The three wise men of digital risk

(Image credit: Deepadesigns / Shutterstock)

Most people know the nativity and its key characters – how Jesus came to be born in a stable to Mary and Joseph, how he was visited by shepherds, guided there by an angel, and by the three wise men who arrived, following a star, each bearing a gift for the newborn.

In today’s enterprise, we have our own set of digital wise people – the CIO, CISO and CRO. They each have different gifts to offer the enterprise – just like the wise men. However, they will only reach their goal and be able to deliver their gifts if they work together. Despite their collective accountability for digital risk management, they often have conflicting priorities and face unique challenges that can in some cases make it harder, not easier, to keep their businesses resilient. By not working together, they introduce blind spots that can amplify the digital risks their business faces. Our three digital wise people can learn a lot from the wise men who followed their guiding star to deliver their gifts.

The three digital wise men

The CIO, CISO and the CRO all play a critical role within the overarching risk profile of an organisation, making sure their company takes a considered approach by embracing the risks necessary to innovate while remaining resilient and secure. Each digital wise person brings a unique skillset and expertise to the business. But equally, each has their own diverse priorities and faces some unique challenges:

  • The Chief Information Officer (CIO): The first digital wise person focuses on the infrastructure that keeps the business running, using their technical knowledge to support users and limit downtime, while enabling innovation to protect and enhance market share. With 82 per cent of organisations already implementing a digital transformation program or initiative, the CIO is increasingly focused on modernisation, improving their organisation’s agility, speed and efficiency. But as businesses undergo these seismic changes, the CIO is faced with managing the subsequent explosion of devices, users, applications and data on the network.
  • The Chief Information Security Officer (CISO): The second digital wise person is laser-focused on the challenge of malice. While digital transformation may create many opportunities, it also widens the attack surface for hackers, making it harder than ever to protect the enterprise. With cyberattacks now ranking fifth on the World Economic Forum’s global risk list, the CISO prioritises tackling data breaches and cyberattacks, remediating after any attacks and developing their team’s knowledge of threats and the security landscape. CISOs are constantly fire-fighting the new security challenges created by digital business. All the while, the growing cybersecurity skills shortage and the speed of attacks are compounding the challenges this digital wise person faces.

The digital risk story

In theory, our three digital wise people have a shared purpose – to protect the business. However, they all see this goal through their own lens, which can put them on divergent paths – unlike the wise men in the nativity, who follow the single guiding star together to locate Jesus and deliver their gifts. We often witness the CIO, CISO and CRO working in silos, each following their own star to achieve their individual aims.

These conflicting priorities can create a number of blind spots in the digital business landscape. For example, the CIO who prioritises the ‘gift’ of modernisation needs to develop a new application to store and send information to customers and get it to market before any competitors to gain that competitive edge. This immediately puts the CIO at odds with the CISO who, prioritising the ‘gift’ of security, needs the time to thoroughly review the new application for any cybersecurity risks. The final digital wise man, the CRO, concerned about the ‘gift’ of compliance, is also in conflict, given the potential customer data privacy risks to be managed.

While each digital wise person’s priorities are interconnected, working in silos can lead to conflicting priorities and increased digital risks. It doesn’t help that the CIO often sees the CISO as the person who always puts the brakes on innovation, and the CISO sees the CRO as the person who just ticks boxes, focusing resources away from what they see as the real risks. Ultimately, digital risk impacts each of our digital wise people, but this siloed approach means organisations are missing key insights and business context that can help them collectively decide how to manage risks and reduce the number of blind spots.

Rewriting the digital risk story

Managing digital risk in the web of connections, data, people, processes and tech our businesses have become is extremely challenging. The complicated, interdependent set of business and technology challenges means risk can’t be reduced single-handedly. The CIO, CISO and CRO need to take inspiration from the nativity and follow the same star to reach their goal.

By breaking out of their silos, the digital wise people can ensure they collectively have the broadest visibility across the entire organisation and eliminate blind spots. Having this high-level overview ensures the business has the right information and context to understand what is happening. The CIO, CISO and CRO can then make informed decisions on what actions to take – prioritising based on the potential value and losses in each situation. A collective approach will also allow for the response to risks to be automated, where appropriate. The three digital wise people are then free to focus on other priorities.

A happy ending?

Managing digital risk effectively needs to be a top priority for every business. Failure to do it effectively can result in disruption to business operations and customer experience, loss of customer data or company IP, reputational damage, lost revenue, fines and more. But organisational resilience cannot be achieved in silos. It is only possible if the CIO, CISO and CRO – the three digital wise people – follow the example of the nativity and align their priorities and challenges into one to pave a single path to success.

Chris Miller, Regional Director UK & Ireland, RSA Security
