Kathy Gibson reports – Chief information security officers (CISOs) carry a huge load on their shoulders: they have to do more with less – but still take the hit when things go wrong.

“Digital transformation is a reality – in fact it’s going to go faster,” says Mark Walker, associate vice-president at IDC sub-Saharan Africa. “We are starting to look at Internet of Things and big data, and their use cases.”

In the new world, the balance of power has shifted from the CIO to the user, and budget no longer devolves automatically to IT. Today, as much as 76% of digital initiatives are driven by line of business rather than IT.

“But heaven help you if there is a security breach,” Walker points out.

Organisations are all looking to digital transformation to increase revenues, reduce process cycle times and create better experiences for customers and employees.

“These outcomes are what the CIO is expected to deliver. And there is a disproportionate amount of spend going to digital transformation.”

In fact, about 42% of South African organisations are already starting on digital transformation, with a further 21% about to start and 25% planning it. Just 9% of local companies are not planning to do any kind of digital transformation.

And Africa is by no means behind the curve, Walker adds. In many instances, Africa is actually leading the world in innovation.

Digital transformation is driving mobility, analytics, cybersecurity and cloud investments, Walker points out.

Maintaining security is the top technology-related challenge that IT faces, followed by performance availability, mobility and integration.

CISOs specifically face a shortage of skilled IT security personnel, a lack of sufficient IT security budgets, the ability to stay up to date with emerging threats, poor policy compliance and a lack of mature security policies.

Regulation is a reality, Walker adds, with GDPR and PoPI both in force now. “A penalty incident is what will drive spending on compliance,” he says. “And you don’t want to be that person.”

Cloud is now mature, and cloud-based security is also now a reality, Walker points out. Companies will choose the cloud architecture that best suits them, and their security choices will follow suit.

The threats that keep CISOs awake at night are a breach disclosure, a leak of HR records, their IT systems being a major source of attack and a targeted breach.

The new-age CISO must be more than a security expert: he needs to be a trusted advisor who is always informed as well as a great communicator and people manager.

“Security needs to be at the core of the organisation’s transformation vision,” Walker advises. “Business needs to fund security and security needs to become a business problem.

“Compliance issues will arise, so start thinking about how to achieve and sustain compliance.

“This can all be achieved only with increased stakeholder management. So the CISO needs to start communicating in business terms – not technical terms.”