Why Security Strategies Should Matter to the CIO

In the face of this constant disruption, CIOs are supporting the addition, amendment, or strengthening of logistics workflows, supply chains, commercial and service delivery models, partnerships, and geographic footprints. In all of these programmes, CIOs often see cybersecurity as a hurdle—one more challenge to navigate in the path to a successful business outcome. But I believe that cybersecurity, and security strategies more generally if designed and set up in the right way, should be seen as an enabler rather than a controlling restriction. 

Just as travel insurance gives tourists the confidence to see the world, security gives business leaders the confidence and the flexibility to innovate.

Traditionally, security has comprised binary access decisions—allow or block. This has meant security acting as a gatekeeper, with the power to approve or restrict plans and programmes. These binary approaches are actually still being pushed today, with “advances” in security actually just improving the ability to make binary allow/block decisions (for example, see the way security solutions are being repackaged as Zero Trust, while willfully misinterpreting the nuances and continual flexibility that the Zero Trust concept was designed to enable). And so security inevitably fails to shake off its reputation as a roadblock to innovation, failing to enable as much as it prohibits. 

But things are beginning to change. Security is at last evolving to become “smarter”; able to see nuance and context, upon which it can build agility and flexibility. The focus on operational efficiency has not gone away—indeed significant gains have also been made in that area—but the unavoidable and intense disruption that businesses have experienced since 2019 has finally pushed the security team to make enablement a primary objective.  

I have seen some encouraging signs of genuine interest in cybersecurity among some boards—an interest that goes beyond the usual box-ticking exercises. But we are a long way away from a broad and majority understanding of what security can do for an organisation. 

In recent years, the divide between CIOs who understand and embrace security, and those who do not has probably widened. Since 2020, the more astute security teams the world over have enabled movements in the workforce on an unprecedented scale and with next-to-no notice. They have supported fast and decisive upheaval in supply chain operations to ensure business continuity. They have facilitated the complete reinvention of go-to-market strategies for organisations whose customer base disappeared overnight.  Security teams stepped up, alongside their peers, to be heroes of positive action. At the same time, other organisations are still struggling with IT strategies that are failing to embrace the agile advantages of cloud, or harness the power of AI and ML, all because they have not understood how security can unlock these opportunities. 

And this is why a CIO that views security only as a defence strategy is missing a trick.  Security is the first step to enabling growth and innovation, and collaboration between CIOs and CISOs is a win-win. 

Businesses today are dealing with challenges not experienced for a hundred years—since before the technological revolution. CIOs are stepping up, using digital transformation to deliver against business demands to innovate across the entire organisation, from service delivery to HR and everything in between. But digital-based opportunity always brings with it digital-based threats and risk, and the CISO is a crucial business partner.