There is plenty of good news for CIOs in 2018, according to the 20th annual Harvey Nash/KPMG CIO Survey, The Transformational CIO, including bigger budgets, larger headcounts and increased cloud investment. Yet, the report also reveals troubles on the transformation front, as IT organizations struggle to extend their influence and take advantage of opportunities.
In the wake of worldwide virus strikes, protecting the business from a cyber-attack has jumped further up the boardroom agenda than any other item (from 40% to 49%, a 23% increase from 2017), while dealing with data — including analytics and automation — is turning into a trust battleground. Finally, a skills shortage stubbornly continues, with 65% of IT leaders reporting that a lack of skills is holding back their strategies.
Cyber risk becomes board priority and IT communication challenge
Fred Rica, a principal in KPMG’s advisory services practice, says boards of directors are beginning to realize that they need to keep a close eye on cyber risk. “I have quite a few clients where cyber security is a standing agenda item at board meetings,” he says. However, while the Harvey Nash/KPMG CIO Survey 2018 showed that a large majority of IT leaders feel “well positioned to identify and deal with any imminent cyber-attack,” they are not necessarily communicating that in the best way to the board.
Board members are becoming frustrated, Rica adds, because IT organizations tend to present cyber security content in a very technical way. “They don’t know what it means if someone says, ‘We blocked 30 thousand events at the firewall.’” What that means for CIOs is an expectation that they’re going to deliver this content in a way that board members can understand. “They need to understand what the program is based on and how the program identifies and mitigates risks,” he says. “Forward-thinking organizations are looking at their cyber security programs as a way to enable the business and let them offer more services online and have more intimate relationships with their customers.”
The good news is, those organizations are doing a better job understanding what is most valuable to them as a company and what they want to protect the most. “I think you’re having a much different conversation now,” says Rica. “There has been a shift from more traditional security models to identifying what’s valuable and figuring out how to mitigate the most relevant threats. Rather than talking about the firewall blocking events and sensors on the network, we are talking about enabling the business.”
CIOs walk tightrope between innovation and integrity
The Harvey Nash/KPMG CIO Survey 2018 found that CIOs are struggling to balance the openness and innovation that boards are demanding with the proper governance, particularly around data security and privacy. Intelligent automation, says Rica, is a good example — as digital leaders invest more in these innovative new technologies in areas such as IT and customer support, risk of attack rears its ugly head. “It creates a whole new interesting vector of attack for the bad guys, particularly in areas like healthcare with bots or IoT or smart devices,” he points out. “But like a lot of technologies, security tends to be a bit of a follower. So, I think there’s a high likelihood that there are lots of automated processes that probably have security vulnerabilities in them that no one has discovered yet.”
But now, companies are beginning to look at these processes and devices from a security perspective — as well as from a data analytics quality and integrity standpoint. Rica says: “Given the about the amount of data organizations are putting into data warehouses, if you’re the CIO, one of the big challenges you’re going to have is around data quality — how do I make sure that data’s clean and accurate, when you think about all the different sources of that data?”
Skills shortage holds transformation efforts back
It is a seller’s market in the world of IT talent, so CIOs are struggling to access skills — such as cyber security and analytics — through efforts including outsourcing and automation. A whopping 65% of Harvey Nash/KPMG Survey 2018 respondents said the lack of talent is holding their organization back.
“There just is not enough talent, which gets exacerbated because everybody’s fighting for that same small pool,” says Rica. “It creates a lot of wage inflation and turnover, which creates a fair bit of instability because you’re losing people who have institutional knowledge and then replacing them is even more expensive.”
Without enough skilled talent to fill growing and evolving needs, the industry needs to start directing people into cyber security in high school and college, he adds. “I think we need to build a farm system, offering training in this space as a career,” he says.
Transformation challenges will remain a top area of focus
As transformation challenges pile up, technology will keep accelerating forward, presenting new risks as well as opportunities. The “Transformational CIO” will be the one that can navigate through this uncertain environment filled with risks, threats and opportunities — particularly in the realm of cyber security, says Rica.
“If you think about it, the more money and the more data, the more this all presents a great opportunity for the bad guys too. So, they’re not going to slow down, because there’s more money and intellectual property running through the systems.”
It would not be a surprise, he adds, to see cyber security continuing to rise as a priority on the board agenda over the next year. “No one is going to take their foot off the gas and say, yeah, I think we got this cyber thing all sorted out now — I just don’t see that happening,” he says. “If anything, I see it ratcheting up another notch.”