With inflation reaching the highest levels in 40 years, IT and security leaders are facing some headwinds going into 2023. Top executives and board members expect a shorter timeframe to see value in digital initiatives, forcing CIOs and CISOs to stretch their resources. At the same time, cybersecurity is a top concern as the threat landscape continues to be a challenge.
Now, IT leaders must reevaluate which technologies they are making bets on and ensure value in their investments. So, what actions can technology leaders take to mitigate the impact of inflation and strategically invest in the future?
CIOs and CISOs in Melbourne gathered recently to discuss the global surge in inflation, its impact on the IT organisation, and how to respond in order to achieve their goals. Tracey Evans, CIO at Seek, moderated the program with George Abraham, CISO at Novatti, and Damian Beltrami, CIO at Toll Group, as discussion leaders.
Tracey kicked off the session with her observations of the current economic climate, noting that they are seeing a softening in the market in terms of job postings. She also said that while the pandemic enabled organisations to take on more initiatives, companies are more regimented now with their resources and budgets. Overall, hybrid work opened up many opportunities for employees and employers alike, and cybersecurity roles are in high demand.
Key Takeaways from the Discussion
CIOs and CISOs discussed in small groups how to maximise talent investments, how to balance pressure on resources with critical cybersecurity needs, and how partners can play a valuable role in bolstering security. These are their key takeaways:
Current times call for a different approach to talent recruitment and retention.
There was much discussion about how to balance the benefits of remote work in recruiting employees from any location with the fact that some organisations want their employees back in the office at least on some days. Some leaders are finding better collaboration among their teams when they spend time in the office. A few executives acknowledged that they are still struggling to retain employees, especially smaller organisations.
CIOs and CISOs agreed that there is a greater focus on developing existing talent, finding ways to build cyber skills, and promoting talent from other areas into cybersecurity. One executive noted that they are developing cyber skills within their platform engineering team. IT leaders also discussed value-based recruitment, in which organisations recruit based on character and alignment with core values and then develop the candidates’ skills.
IT and security leaders need to articulate the value of security investments.
C-level IT and security leaders are feeling the pressure from executive teams about spending, while at the same time, they have to prioritise cybersecurity and mitigate risk. One CIO noted that it’s important to be able to articulate that “we are spending the right way.” Another executive said that companies are actually increasing their spending in this space, but that comes “with the responsibility to show how to maximise it.”
No spending should go to waste, so organisational change is also important. Leaders need to consider factors that might affect their investments, such as awareness, training and changing behaviours internally. Other executives said they are taking a new approach to cybersecurity strategies based on threat profile. Another CIO noted that they are using automation not as an approach to reducing headcount, but rather as a way to free up people’s time to focus on the right things.
Rather than thinking of vendors as service providers, consider them valuable partners in the security ecosystem.
In cybersecurity, vendors and partners are important for a lot of organisations. The executives in attendance noted that vendor management is key, and it’s important to understand all of the players and consider how many you can track. As one CIO noted, it’s hard to govern hundreds of partners, but much easier to manage four or five.
Governance is critical, in general, as are regular health checks. Other executives agreed and added that transparency is also important with partnerships. One CISO observed that the closer you let a supplier to your users or customers, the more important it is for everyone to know the guardrails.
As expectations and circumstances continue to shift, IT and security leaders have to maximise their investments across the board. In the area of talent, they are working on retention and upskilling, as well as trying to recruit in different ways to fill security roles. CIOs and CISOs are also focused on prioritising their resources, communicating about the value of investments, and optimising their relationships with key partners.
To continue the discussion on security concerns and rising expectations for CIOs and CISOs, join a CIO or CISO community near you, or check out our calendar for opportunities to get together in person and virtually.
by C-Level, for C-Level
Find your local community and explore the benefits of becoming a member.