Leaders have been managing and mitigating risk since the beginning of time. Still, it could be argued that the variety and complexity of risks facing CIOs, CISOs and fellow members of the C-suite is at an all-time high.
Inflation. Rising interest rates. Supply chains. Two regional wars. Global chip production. Critical infrastructure. Shifting customer behaviors. Global and societal changes. Cybersecurity. And, as evidenced by the lawsuit filed last week by the Securities & Exchange Commission against the SolarWinds CISO for alleged mismanagement of cybersecurity risks, CIOs and CISOs alike are deeply concerned about the liability risks they face going forward.
The current – and future – risk scenario is a multidimensional for CIOs, CISOs and business technology leaders. As stewards of both business technology deployments as well as cybersecurity strategies, CIOs and CISOs need to be able to clearly articulate the risks associated with the procurement and use of technologies, including Generative AI.
But it goes well beyond that. Thanks to their comprehensive view across the enterprise – including how different organizational functions and business units operate – business technology leaders must also be able to anticipate what’s coming next for the business. This includes the visionary leadership that’s needed to foresee business, customer and technology developments in core, parallel and new markets.
On November 3rd, we held one of our monthly National Advisory Board meetings with 30+ CIOs, CISOs and business technology leaders. As I began outlining the issues, I’m seeing CIOs and CISOs facing regarding risk and their role with the CEO and the Board, several attendees pointed to the actions the SEC took directly against the CISO at SolarWinds and the risk implications that this holds for them.
“Cybersecurity is supposed to be a shared responsibility within an organization. But if the SEC is going after a specific officer, what does that portend for CISOs and CIOs going forward,” commented a CISO for a financial services company. The SEC’s action is a rare example of a regulatory body targeting a CISO for alleged mismanagement of cybersecurity risks.
According to another CIO for an international paper distributor who attended our National Advisory Board meeting, his CEO is increasingly expecting him to track and manage an assortment of risks – both related to and outside of technology. That’s prompting him to spend more time focusing on risk with the company’s CFO, COO and business leaders.
There are also a whole set of people-related risks, including the risks associated with employees returning to the office along with recruitment and retention challenges. This is one of the reasons why I recruited best-selling author Stephen M.R. Covey to speak at HMG Strategy CIO & CISO Executive Leadership Summits as he describes the shift that’s taking place from a command-and-control leadership style to more of what he calls a ‘Trust and Inspire’ leadership approach.
The volume and velocity of change seems to be increasing exponentially. The intensive focus on risk prompted us to host a Nov. 7 CELA meeting focused on the roles of CIOs and CISOs in working with the C-suite and the Board on the profusion of risks being addressed by the senior leadership team.
As these issues continue to evolve, we will be increasingly focused on the roles of CIOs, CISOs, Chief Digital Officers and CTOs in addressing risk in our upcoming summits and in our Global Advisory Services.
To learn more about becoming an advisory board member in your region, contact Melissa Marr, our Vice President of Executive Programs, at melissam@hmgstrategy.com.
Leave a Reply