Somewhat unsurprisingly, it’s been speculated that due to trends such as ‘Bring Your Own Device’ and the Internet of Things (IoT), IT security practices defined by the chief information officer will have to be expanded. According to Gartner, it will take the form of the ‘digital risk officer’ (DRO).
It will be their task to figure out and define the risks associated with their company’s digital innovation. The reasoning behind this new role us that by 2020, 60 per cent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. IT, operational technology (OT), IoT and physical security technologies will have interdependencies that require a risk-based approach to governance and management.
So digital risk management is now considered the next evolution in enterprise risk and security for digital businesses that are expanding the scope of technologies.
But how do you go about finding one? Paul Proctor, vice president and analyst at Gartner suggests that digital risk officers will require a mix of business acumen and understanding with “sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk.”
In most cases, many chief information security officer’s (CISO) will evolve into DROs as they begin to own or form effective partnerships with digital security teams managing other forms of technology.
“Although many traditional security officers will change their titles to digital risk and security officers, without material change in their scope, mandate, and skills they will not fulfil this role in its entirety,” Proctor adds.
The impact of this new structure of digital risk governance and management on IT and IT security operations is expected to be minimal, particularly in those enterprises that have already appointed a chief risk officer. However, the potential impact on the culture of IT and IT security teams is major.
“By 2019, the new digital risk concept will become the default approach for technology risk management,” said Proctor. “Digital risk officers will influence governance, oversight and decision making related to digital business. This role will explicitly work with non-IT executives in various capacities to better understand digital business risk and facilitate a balance between the need to protect the organisation and the need to run the business.”
“However, the cultural gap between IT and non-IT decision makers presents a significant challenge. Many executives believe technology — and therefore technology-related risk — is a technical problem, handled by technical people, buried in IT. If this gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk.”
By Shané Schutte
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
