by Kenneth Corbin

Retail CIOs Focus on Data Security, Digital Innovation

Feb 20, 20155 mins
CIOCybercrimeData and Information Security

Major security breaches at leading retailers cast a long shadow over industry as CIOs look to bolster defenses and align tech team with business units.

data security thinkstock
Credit: Thinkstock

In the wake of widely publicized breaches at firms like Target and Home Depot, retail CIOs are nearly unanimous in naming data security as one of their top priorities for 2015, according to a new survey.

[ Related: Retailers Must Not Ignore Security Alerts, Court Says ]

In that poll, produced by Forrester Research and the National Retail Federation (NRF), 97 percent of retail CIOs said that efforts to strengthen their cybersecurity defenses rank in the top five items on their agenda this year.

And with good reason: Forester is projecting that at least 60 percent of businesses will uncover a data breach that exposes sensitive information this year.

“The high profile breaches in 2014 show that perimeter defense is no match for organized crime targeting customer data,” says George Lawrie, research vice president and principal analyst at Forrester.

CIOs Must Advocate for Strong Corporate Governance

Those security breaches also underscored another top concern. Seventy-eight percent of the retail CIOs surveyed said that an effort to improve corporate governance within their firms is among their top five internal priorities for the coming year, up from just 24 percent who said in the same in the NRF’s 2014 survey.

“As the executive overseeing technology principles and practices, the retail CIO must be the advocate for strong corporate-level technology governance,” says Tom Litchford, the NRF’s vice president of retail technology.

The report also reflects the concern that CIOs are expressing about the emergence of shadow IT throughout their firms, in cases where “their line-of-business colleagues may become impatient and invest independently in everything from location technologies and independently developed mobile apps to Software-as-a-Service business intelligence solutions.”

“In this rapidly evolving digital era, more and more departmental budgets have a technology component, particularly in marketing where we’re seeing significant spend shifts from traditional media to more focus on digital media,” Litchford says. “Coupled with the business’ need to evolve faster in response to the ever-changing consumer behaviors and preferences, there’s a real risk in technology investments becoming siloed, not only exposing the business to elevated security risk, but also potentially impeding their ability to serve their customers.”

[ Related: Apple Pay Has Retail CIOs Rethinking How Customers Pay ]

Budget Restrictions Constrain CIO Efforts to Fight Cybercrime

Budgets remain a challenge for the CIO. Of the retail leaders polled, 40 percent said they expect to work with a flat or declining budget in 2015, and another 34 percent said that they expect to see modest increases of less than 10 percent.

The difficulty of pursuing new technology initiatives while operating under a constrained budget was a hot topic at a meeting the NRF held in January, according to Litchford.

“While there’s no silver bullet, a couple of key themes emerged,” he says of those discussions. “First was the ability to leverage existing investments more fully to address emerging business requirements and drive new innovation. Then there was the governance discussion, and how the C-suite must prioritize and execute against a shared technology agenda. As every departmental budget becomes a technology budget, it’s paramount for the CIO to take a strategic leadership role in helping the business properly prioritize technology investments.”

Lawrie similarly warns about the perils of the CIO’s team falling out of step with the business side of the enterprise. Most commonly, he says, that disconnect arises when the tech shop fails to prioritize the projects that hold the greatest potential for generating revenue for the company, or from overly long delivery cycles for products developed on specifications written without the input of the end users.

“In our experience, the critical factor is to develop a deep understanding of line-of-business objectives and to develop a shared vision of what it will take to achieve [them], and then to iteratively deliver — first a mock-up, then minimum-viable product in an agile way, checking in with the stakeholders every two weeks — at most — for feedback,” he says.

Omnichannel and Digital Innovation Top Concerns for Retail CIOs

Other areas of concern identified in the survey included spending too much money on maintaining legacy systems, tapping into big datasets to glean useful business insights, integrating multiple channels of commerce, and hiring and retaining quality staff.

Looking forward, Litchford advises CIOs to develop their skillsets in business and consulting, and to position themselves as “the strategic advisor on organizational structure and business process.”

Additionally, he urges retail CIOs to take a cue from the innovative and fast-paced culture of the tech startup world as they consider how to reform their own operations.

“The CIO must become much more responsive to the business and be willing to take on more risk,” he adds. “[If] I had to narrow it down to one piece of advice: look for innovation everywhere, take the calls from the emerging startups, embrace rather than punish failure, just learn to fail fast and move on. The CIO who can cultivate a responsive technology culture that’s free to take risks will be the CIO who is firmly seated at the executive table.”