by Adam Dennison

Security Rises to a CEO-Level Priority

Feb 19, 20152 mins
CIOCybercrimeIT Leadership

The State of the CIO research shows that cybersecurity and enterprise risk are zooming up the charts as high-profile topics on the CIO and CEO agendas, says CIO Publisher Adam Dennison

security risk thinkstock keyboard
Credit: Thinkstock

How strategic is IT security to you and your enterprise? Our 2015 State of the CIO research, published in January, tells us that it’s certainly climbing up your priority list. Even more significantly, it’s higher on your CEO’s list, too.

In our 14th annual survey, we asked 558 IT leaders about top business and technology priorities, salary ranges, tenure in the job and much more. The good news was that CIOs are on a solid career footing overall, with almost half of you reporting to the CEO. The average CIO tenure is inching up close to the six-year mark, and two-thirds of you sit on the executive committee.

But what stood out most to me was how much time you must now devote to security and risk management initiatives as compared to last year. We saw a 7 percent jump in the amount of your daily activities spent on security versus other duties. The only other area that experienced that much of a percentage gain fell under the category of “leading change efforts.”

This sharper security focus makes a lot sense when you think about it.

With the move to the so-called “third platform” technologies (social, mobile, analytics and cloud) as primary drivers of business transformation, the cybersecurity risk factors continue to escalate. Yet it’s harder than ever to find and hire security and risk management professionals. They took the No. 2 spot on our list of top skills shortages for this year (right behind data analytics experts).

Security has clearly become as much of a business concern as an IT responsibility. With the headline-grabbing breaches at Target, Home Depot, Sony Pictures and others, CEOs and their boards are hyper-aware of the reputational damage that follows a breach. Upgrading IT security to avoid cyberattacks jumped up the list of the CEO’s top 10 priorities in our survey, from eighth place to fourth place.

I was recently talking with the CIO of a large automobile manufacturer’s finance division. He told me that his CEO said he’d be more inclined to miss a shareholder meeting than to skip an enterprise risk meeting with the CIO and the CSO.

So, how strategic has security become for you? Is it taking up more of your time and budget? I’d love to hear about your experiences, so drop me a line and I’ll send you a copy of our complete State of the CIO report.