As enterprises continue investing rapidly in AI, data readiness and cloud infrastructure to drive their digital and business transformations, their digital footprint and dependency expand, and CIOs, among others in CXO leadership, are paying keen attention to the associated rising cybersecurity risks.

According to Market and Markets, digital transformation spending is worth about $911 billion, with AI-driven tools central to these efforts. AI investments are expected to reach $200 billion by the end of this year.

Joseph Batista, chief creatologist business strategy and innovation at Dell Technologies, explains that many business leaders today are aggressive in their return expectations – specifically how long they’re willing to wait to see an ROI, with positive return targets often expected within one year. And this, Batista says, can result in increased cybersecurity risks. “This pressure to deliver quick results isn’t always balanced with the need for robust security measures, which often require long-term investment and planning,” he says. Batista emphasizes that the drive for AI investments requires CIOs to closely monitor their data management, security and governance practices around that data. “The security and integrity of this data is paramount,” says Batista.

The increased emphasis on swift and measurable business results in recent years has required CIOs to become even more business-focused and strategic in their roles. Daniel Clydesdale-Cotter, CIO at technology services provider EchoStor, says CIOs who want to succeed and outlast the typical CIO tenure must “focus on transformational initiatives while maintaining a steady state of operations and meet security and regulatory demands.”

AI Cybersecurity Grows in Importance

AI security is expected to ramp up significantly throughout this year. Tim Crawford, a strategic CIO advisor at AVOA, points out that while AI offers significant potential across various enterprise tasks, the new risks, such as data leakage and the need for robust data and AI policy governance, are substantial. That’s likely a big driver behind the growth cited in The Enterprise Strategy Group’s annual survey, which shows that about 72% of enterprises plan to increase cybersecurity spending to protect AI infrastructure and turn to AI to enhance security effectiveness. Enterprises also plan to increase spending to heighten data management and operational resilience.

Jonathan LaCour, CTO at technology services provider Mission Cloud, notes that integrating AI and machine learning into business processes further complicates the cybersecurity landscape. CIOs must now consider the security implications of AI-driven systems and implement appropriate guardrails to prevent misuse. “As AI becomes more prevalent in business operations, CIOs must ensure that security measures keep pace with these technological advancements,” LaCour says.

Data Governance and Data Security are Top CIO Priorities

Data governance is essential to cybersecurity and information integrity. Krishna Prasad, chief information officer and strategy officer at technology services provider UST, emphasizes that reducing risk is one of the three broad areas CIOs must focus on, in addition to the seemingly contradictory task of rapidly scaling technology to enable growth. That risk reduction goes beyond traditional information security to include validating the information used for business decisions. Prasad introduces the concept of “truth operations,” highlighting the need for CIOs to align with chief risk officers to ensure the reliability and validity of information flowing through the organization. “This includes not only protecting against external threats but also managing internal risks associated with AI implementation and data handling,” Prasad says.

The shift toward cloud-based services in the past decade has also significantly reshaped how enterprises think about aspects of their cybersecurity program. EchoStor’s Clydesdale-Cotter says the focus on external applications, rather than deploying in-house, requires strong third-party vendor management to ensure service providers meet the organization’s security, privacy and regulatory compliance standards.

Wim Remes, operations manager at security services provider Spotit, says third-party risk management is becoming even more critical for many businesses that market services into the European Union due to recently revised regulations such as the Network and Information Security Directive 2 (NIS2). NIS2 applies to 18 critical sectors, including energy, health care, transport, digital infrastructure, public administration and manufacturing of essential products. Medium-sized and large entities in these sectors are automatically covered under the directive, which heightens requirements for cybersecurity standards, third-party risk management and incident reporting, and carries fines of up to €10 million or 2% of global annual revenue.

Despite digital transformation’s continued acceleration and the need for CIOs to stay ahead of emerging technologies and their associated security risks, more companies are shifting their CISOs to report directly to the CEO or the board of directors to ensure that there is a dedicated focus on both technology innovation and cybersecurity. “This shift is partly driven by new US SEC regulations, among others, that make cybersecurity more of a board-level responsibility,” says Mark Rasch, of counsel at the law firm Kohrman Jackson and Krantz LLP.

Regardless, CIOs must continue collaborating with CISOs as new technologies and services are released and risks evolve. “Cybersecurity is going to remain a big issue for CIOs this year, and for the foreseeable future, because of all of the technological business transformation underway,” says Crawford.