In today’s connected digital world, balancing innovation with security is both a priority and a challenge. On the one hand, organizations demand constant innovation to stay relevant in a drastically changing world. On the other, the risks to organizations and their customers have never been higher. Bad actors now include organized crime and nation-states with vast resources.
CIOs and CISOs must develop a shared mission in this new environment, with more collaboration instead of a siloed approach. CIOs often focus on driving innovation, enhancing efficiency, and implementing new technologies, per TechStrong. By contrast, CISOs prioritize cybersecurity, including securing data and systems, which can slow technology initiatives.
This article examines how the CIO and CISO can develop a mutually reinforcing relationship and how each can help the other grow.
The CISO position is relatively new, as the CIO position once was. But increasing cybersecurity threats are “motivating business leaders to call for stronger, more strategic leadership” from the CISO, according to a Wall Street Journal / Deloitte article. The CIO can help the CISO grow with these new demands.
Most CISOs are “technologists” with “limited exposure to and knowledge of the overall business,” the article states. In addition, the cybersecurity division may be organized under IT, legal, risk management, or operations, isolating the CISO from business functions. A full 40% of CISOs report to the CIO rather than to the C-suite or board of directors.
The CIO can help elevate the CISO in order to promote their shared mission of balancing risk and opportunity. One of the most important ways the CIO can support the CISO, the article reports, is by helping the CISO communicate with senior management and board members. Here are three areas of focus:
Align strategic plans. Help the CISO create a plan that aligns security with technology goals in a comprehensive whole. The CIO can also help the CISO make the business case for security as a strategic need, instead of a technical matter that doesn’t require C-suite attention.
Keep the message clear. Like the CIO, the CISO deals with a technical subject matter that can leave non-specialists bewildered. The CIO can help the CISO hone the message to be pertinent and digestible to each audience instead of techno-babble.
Keep the message focused. The CIO can help the CISO focus senior management’s attention on the highest priority security risks, emerging threats, and the security program’s level of readiness compared with industry peers.
Rather than setting boundaries around their respective domains, the CIO and CISO need to collaborate on security issues, according to cybersecurity expert Geoff Howard in National CIO Review.
According to Howard, “Cybersecurity, once largely considered the CISO’s domain, is now a key strategic focus for CIOs as well.” CIOs traditionally focus on “technology infrastructure, data management, and operational efficiency.” However, “CISOs wish for CIOs who understand that cybersecurity isn’t just about firewalls or compliance checklists.” Here are three suggestions to help CIOs work more effectively with CISOs:
Understand the threats. While CIOs don’t need to become cybersecurity experts, they should develop a solid understanding of current and emerging threats, as “traditional defenses quickly become outdated.” CIOs “need to understand that their technology’s security is only as strong as its weakest link.”
Integrate security and IT. The days of “set it and forget it” security have passed, Howard writes. CIOs should “embed security within each layer of IT planning and strategy” and move from making periodic updates to a “mindset of continuous improvement.” The CIO should also partner with the CISO to “incorporate security into projects from the start,” to save time and resources.
Treat security as an investment. Although security investments “can sometimes feel like financial black holes,” the CISO’s perspective is that prevention is “far less costly than the aftermath of a security breach.” CIOs should work with CISOs to make proactive security investments a shared priority.
Prevention is especially important given the bottom-line impact on customer trust.
In an age of digital transformation, building enterprise trust is critical to success. Trusted companies outperform their peers by up to 400% in terms of market capitalization, according to Deloitte. Customer confidence is key. Of customers who trust a brand highly, 88% become repeat customers, while 62% buy almost exclusively from that brand.
Building trust and pushing innovation are the twin mandates of the organization’s Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”). Aligning the elements of that dual mission is critical to seizing opportunities while managing evolving risks.
By adopting a model of collaboration over competition, “CIOs will be more likely to give CISOs the space they need” to lead “security messaging and strategy,” according to Matt Hilary, CISO of Drata. The CISO is also “more likely to defer to the CIO’s expertise around the less security-focused aspects of the company’s IT strategy.”
As cybersecurity threats continue to evolve, and with customer trust at risk, CIOs and CISOs need to collaborate more closely than ever. They need to develop an overall IT security strategy and treat each other as partners rather than competitors.
If you need to leverage the highly experienced consultants and seasoned management advisors at Wull to help implement agile leadership, please contact us for further discussion. Thank you.
Copyright © 2025 by Stephen Wullschleger. All rights reserved.