The cyber-security landscape has shifted in recent years, moving from a situation where almost all attacks used malware programs to one where the threats are far more advanced. The industry has developed new strategic defence paradigms in response; terms such as "assume breach" are now commonplace, denoting a situation where companies acknowledge that being hacked is almost inevitable, which renders a prevention-only focus insufficient.
Such has been the magnitude of the transformation that cyber-security as an issue now demands the attention of decision makers at the top of the business. Moreover, cyber-security now has real potential to transform the structure of the boardroom table and may already be doing so. Senior professionals have added weight to the debate in recent times, considering where the brief of cyber-security sits and analysing the rationale and benefits of each board position taking on the responsibility.
This discourse is now offering another solution: the creation of a new role. The chief data officer (CDO) is gaining traction in some sectors, and research firm Gartner's latest prediction is that 90 percent of large organisations will have a chief data officer role by 2019.
In a broad sense, the CDO is responsible for maximising the value of data within the organisation and for broader data governance. With that in mind, it would stand to reason that the CDO should have at least some role in protecting the value of that information. The argument is that, due to this unique position, CDOs can bring together business and technology aims in a way few others can, and that this can help the business secure itself digitally. The CDO may often have greater oversight of the key issues, and may in fact be better placed to deal with these than a chief technology officer or even the chief information officer. That said, early holders of the CDO position appear to be aligning themselves with the established CIOs, with Gartner recently finding that most early holders of the CDO role said they treat the CIO as an ally or partner (62 percent). This may change, though, as the CDO becomes more established and flexes its muscles, effecting change across key business disciplines.
Improving security culture throughout the business requires a long-term, diverse approach. Technology alone cannot deliver sufficient security; rather businesses must address the issue at the heart of the company and create a natural environment for secure employee behaviour. CDOs have the potential to act as the driving force behind establishing this culture, fostering an awareness of the threats surrounding company data.
Additionally, the CDO has complete oversight of the way in which data and computer systems are utilised, making the position crucial in developing secure IT processes bespoke to their business. This will help address common pitfalls experienced by many organisations. After all, according to the 2016 Cyber Security Breaches Survey only 29 percent of total businesses polled have formal cyber-security policies in place, or have cyber-security risks documented in continuity plans or internal audits. On top of this only 17 percent of total businesses have had staff trained in cyber-security in the past twelve months. The CDO role is perfectly positioned to change this.
The CDO is also ideally situated to inform the organisation about, and push for, investments into new technological means of protecting companies in the midst of the growing cyber-security threat to businesses. Companies need to evolve their defensive tactics in line with the threat landscape. Technologies that provide comprehensive security can be integrated into every aspect of an organisation's operations. These can also be future-proofed, not only to offer the best line of defence against the growing capabilities of attackers but also to allow companies to stay one step ahead.
Such is the integral nature of the cyber-security brief and the growing importance of this new CDO role that Gartner predicts 15 percent of successful chief data officers will move to CEO, COO, CMO or other C-level positions by 2020. This shows the ever-growing influence and importance that securing a business against cyber-threats has in the boardroom. The constantly shifting landscape of that threat will only cement this influence and, thanks to the NCSC and its delivery of the National Cyber Security Strategy, will place it front of mind for the entirety of UK plc. The CDO role looks like it's here to stay.
Contributed by Bryan Lillie, chief technology officer, QinetiQ Cyber
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.