- Half of CIOs are prioritizing security management this year, as CEOs push for IT and data security upgrades to reduce corporate risk, according to IDG's annual CIO survey, which included responses from almost 1,000 heads of IT and 250 line of business participants.
- Increasing cybersecurity protections is the top business initiative for 2022, especially for IT leaders in the government, education, manufacturing and healthcare sectors. Respondents cited socioeconomic factors for driving focus on security, the report said.
- The majority of IT leaders, 76%, expect to be more involved in cybersecurity this year, while maintaining their role as the primary technology decision maker, the report said. This is particularly for CIOs in government, healthcare and manufacturing. Security and risk management skills are also the top skills CIOs are expected to seek this year.
Without visibility into a company's tech stack, a CISO's ability to defend a network is weakened. Software complexity is a top challenge for CIOs and CISOs.
The reporting structure between CIOs and CISOs varies. With IT and security demands sometimes at odds, many CISOs report directly to the CEO. However, a direct CIO to CISO rapport gives leaders insights into the network and what is necessary to defend it.
The majority of CIOs engage with their CEOs more than other C-suite executives, while engagement is evenly split between CISOs and CTOs, a 2021 IBM report found. The survey was based on 2,500 responses from CIOs and 2,500 responses from CTOs between May and September 2021.
IBM found that cybersecurity is among the shared responsibilities of the CIO and CTO.
Nearly three in five respondents (57%) cited security improvements as a driver for their budget increases this year, according to IDG. The top technology investments for 2022 are in security and risk management, followed by data and business analytics, and application and legacy system modernization. Upgrades to IT infrastructure came second to security improvements as reasons for budget increases, IDG found.
The increased focus on cybersecurity can bridge potential technological gaps between IT and the security organization. SolarWinds, for example, is a tool CIOs were likely familiar with, Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), said during a virtual Gartner conference in October. CISOs "may not have had as deep an understanding of the Orion product and platform," the software's criticality in maintaining network operations, Krebs said.
CIOs and CISOs play equal roles in defensive collaboration — each has a responsibility to demand higher security standards from the vendors they work with. CISOs have the responsibility of shedding light on risk, not necessarily security practices for their C-suite counterparts.