Boards Push Security, Rush to GDPR Compliance

IT leaders are prioritizing improvements in cybersecurity at a growing rate in an effort to fight cybercrime threats and become GDPR compliant, reports the Harvey Nash/KPMG CIO Survey 2018

More than one-third of organizations surveyed in April reported that they did not expect to be compliant by the recent GDPR deadline, though 68% report that they have the support needed from their boards to ramp up investments to bring them into compliance.

“The seemingly inevitability of a cyber attack crosses all borders and has now crossed firmly over the threshold for board-level discussions,” Akhilesh Tuteja, global cyber security services co-leader, KPMG International, said in a press release. 

“Protecting the business from a cyber attack has jumped further up the boardroom agenda than any other item and IT leaders are being encouraged to make their defences the best that they can be,” Tuteja said.

David Ferbrache OBE, chief technology officer in KPMG's cybersecurity practice, said that data privacy and cybersecurity are closely intertwined. "With the introduction of the GDPR, privacy has become very much a front line issue. It was no surprise to see that 38% of survey respondents said they would ‘still be on the journey’ at the GDPR start date and only 15% said their compliance programme would be ‘complete’. "

Less than a quarter (22%) of respondents stated that they are in a good position to respond to a cyber-attack despite the overwhelming number of IT leaders (77%) whose greatest concern is the threat of organized cybercrime.

In addition, many organizations are in the nascent stages of their digital strategies, with most digital investment focused on the front end rather than on operational activities. According to the survey, 78% of CIOs believe their digital strategy is – at best – moderately effective, with only 32% of organizations reporting to have an enterprise-wide digital strategy. 

Those organizations that have a dedicated chief digital officer (CDO) are more than twice as likely to have an all-encompassing digital strategy. "The incessant rise of shadow IT, the explosive growth of the CDO and the changing nature of technology have removed many of the certainties that have fueled the importance of the CIO role," Ferbrache said.

A relatively new role, the CDO is responsible for driving the value of digital in a business across technology and operations. "It has less legacy and baggage than more traditional roles like the CIO, although many CIOs would argue that they are CDOs in everything but job title."

Half of all IT leaders now report having either a dedicated or acting CDO, but Ferbrache noted that 40% of organizations do not have a CDO and did not indicate plans to establish such a role. "The size of the IT budget is directly proportional to the likelihood of having a dedicated CDO, with larger organisations much more likely to have one."

What’s Hot on Infosecurity Magazine?