The Digital Transformation and the Role of the CISO

Jean-Christophe Gaillard
May 1, 2019 IoT & Automation

Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve

 

Cybersecurity is in the process of becoming an essential component of any organisation’s digital transformation journey. There is no way around this, especially as policymakers start dipping their toes into privacy and security issues, and societal norms are shifting on the topic.

In fact, privacy and security considerations are the key ingredients of digital trust and must be at the heart of any industry’s digital transformation. Far from being solely technological issues, they encompass for many firms profound cultural and governance issues.

The necessarily transversal nature of security and privacy matters needs to be woven into the fabric of an organisation for the digital transformation to succeed over the long-term, and this will force existing organisational models to evolve.

Of course, most new technology layers enabling the digital transformation need to be protected from interference, intrusion, or corruption. This is especially the case across industry sectors seeking to take advantage of the enormous opportunities offered by driverless vehicles: the logistics sector – amongst others – could be unrecognizable in ten years’ time.


New technologies will also generate and feed on massive amounts of data – most of it sensitive or private – that will need to be collected, processed, and safeguarded in a way that is both sensible and ethical. This is absolutely key, for example, in the retail sector, where the growing trends towards enhanced personalisation and the digitalisation of the consumer’s journey are literally turning the industry on its head.


The concepts of security by design and of privacy by design will inevitably become any organisation’s best allies in its innovative endeavours and must be taken seriously by all digital transformation players, especially as the regulatory and social contexts become harder to navigate.

As data is increasingly becoming the fuel of the digital value-chain, it needs to be understood and treated as a truly valuable asset by all firms and protected as such.

But this must not be seen as a mere technical matter: It needs to be addressed across the corporate spectrum as a full managerial and cultural matter and could have deep organisational implications.

There is no doubt – in our opinion – that organisations which put information security and privacy at the heart of their digital transformation from the start could obtain a real competitive advantage in the mid-to-long run.

As a matter of fact, the recent launch of the General Data Protection Regulation (GDPR) in the EU is dramatically changing the incentives landscape for all businesses active in Europe.

Make no mistake: The GDPR is an integral part of the digital transformation paradigm and illustrates how external forces – in this case, regulation – can and will be applied by politicians to try to restore market equilibrium – in this case, in the face of ruthless data monetisation – to protect the perceived interests of consumers and citizens.

Organisations can now be fined up to 4% of their global turnover for non-compliance but may be faced over the short-term with incoherent rulings and shifting legal norms (as nobody really knows yet how the regulators will act in practice). In addition, firms are now required to report any relevant data breach to the regulator within 72 hours. This will require capabilities of detection, analysis and reaction, which go far beyond the scope of the security teams and will force many corporate stakeholders to work together on those matters (security, IT, legal, DPO teams, senior management etc…). As such, the GDPR could be a painful lesson as to why cybersecurity is necessarily a transversal matter for organisations of all sizes.

Finally, and perhaps most importantly, respect for privacy and the protection of personal data are likely to become a true competitive advantage as our societies become increasingly wary of these issues.

This shift is well illustrated by the first complaints filed under the GDPR framework. Privacy activists such as Max Schrems or the French Quadrature du Net, for example, have already started to drag high-profile tech companies (Facebook, Google, Instagram, etc…) into what could become lengthy legal proceedings. Depending on how the regulators react, this could have deep implications on how data-driven businesses are to operate in Europe.

As consumers and other stakeholders scrutinise corporate attitudes towards data more and more closely, failing to acknowledge their concerns over these privacy issues – or worse, making the headlines when the next scandal hits – could do more harm to any business than a regulator’s fine.

At the heart of those matters lies a deep reliance on digital trust. Once broken, it is the entire digital value chain which collapses…

Investors themselves are starting to regard digital trust as the true “secret sauce” of the digital transformation, and security and privacy – as its key ingredients – are fast becoming serious components at the heart of any sound ESG framework.

Increasingly, security and privacy become intertwined, but it makes little sense from a corporate governance perspective to allow a new privacy organisation under a DPO to grow in parallel to – or in conflict with – existing security structures. Synergies are obvious and need to be leveraged, and where security practices are deemed dysfunctional or in need of improvement, this could provide an ideal opportunity.

In fact, it could be the start of a major evolution around corporate perceptions of security and privacy, from burden, annoyance and costs, towards becoming central management functions.

But organisational models will have to evolve as a result to accommodate the truly transversal nature of security and privacy matters and carve out a niche for those new corporate functions.


At this juncture, the traditional role of the CISO – heavily influenced by a technical bias, tactically-oriented and project-driven in many firms – could become exposed.

Not in its functional existence – IT security is more essential than ever – but in its corporate prominence. Having failed to project their roles beyond the tactical and technical fields for the best part of the last decade, many CISOs could find themselves pushed down the organisation while CSO and DPO roles take centre stage at the top.

With those new roles should come new people and a new focus, and probably a different way to approach security matters and talk about them.

We could be at the start of an exciting decade for all security professionals.
