Because so many businesses are continuing on their digital transformation journeys, it is becoming ever more important to focus on changing not only technology but also culture, according to Gartner.
Announced in a February 11 press release, Gartner predicts that by 2021, CIO will be playing a role in establishing the right mindsets and practices in the organization, among their many other duties.
“A lot of CIOs have realized that culture can be an accelerator of digital transformation and that they have the means to reinforce a desired culture through their technology choices,” said Elise Olding, research vice president at Gartner, in the press release. “A partnership with the CHRO is the perfect way to align technology selections and design processes to shape the desired work behaviors.”
Many cybersecurity experts agree that this prediction from Gartner makes sense for the industry. "As an educator, I hear from CIO’s and CSO’s who talk about their organizational challenges, and the understanding that cultures need to change comes up regularly," said Jack Koziol, CEO and founder InfoSec Institute.
"Particularly as we look at D&I [diversity and inclusion], this has been a male-dominated industry for years, and it’s time to move forward with the understanding that we will best serve our organizations by embracing the rich viewpoints from a diverse workforce. Cybersecurity work requires problem-solving skills and a holistic view of a challenge to resolve an issue. Having a team made up of diverse individuals can only improve the outcomes."
Nearly two-thirds (67%) of organizations have already initiated a culture change as part of their digital transformation, according to a recent Gartner survey, which found that by 2021, the number will rise to 80%. This latest prediction follows one made by Gartner in 2018 suggesting that at least 95 percent of security failures through 2022 will be the result of human error, which could stem from anyone in the company, said Jonathan Bensen, interim CISO and senior director of product management, Balbix.
“All employees in a business must be educated on cybersecurity best practices and committed to following set rules and guidelines, without fail. This cultural shift must stem from company executives, including CIOs and CISOs.”
Contributing to and being responsible for culture change is a shift in the direction of soft skills, which is beyond the normal scope of responsibilities that fall under the purview of the CIO, but “digital transformation definitely requires change in routine processes with which staff have become comfortable,” said Wesley Simpson, chief operations officer, (ISC)2.
“Part of shifting the culture is to make sure the CIO, CHRO or other transformation leader is communicating transparently with those affected to clearly explain the why behind the initiative and how it will benefit the organization in the months and years ahead. People are much more willing to adopt new technology practices if they understand the vision, the plan and what their part is in it. Making the tie back to each employee will help ensure a successful and supported transformation. After all, technology is the easy part.”