Rise of the digital risk officer?

Hamish Barwick | July 15, 2014
A new security role called the digital risk officer (DRO) is emerging in response to new cyber threats introduced by the Internet of Things (IoT), according to Gartner United States distinguished analyst Paul Proctor.

He has forecast that some enterprises will have a DRO or equivalent role by 2017 to handle risks that may emerge from the IoT.

"DROs will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," he said in a statement.

According to Proctor, the scope of a DRO is "very different" to that of a chief information security officer (CISO).

"The DRO will report to a senior executive role outside of IT such as the chief risk officer, chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations," he said.

According to Proctor, IoT and connected devices form a "superset of technology" that challenges the ability of existing cyber security structures, skills and tools to manage technology risks.

"Simply expanding the portfolio of the existing IT security team to include technology risk for all Internet-aware technology is not viable," he said.

"New technology managed outside of the IT department requires skills and tools beyond the competence of the IT security team in its current responsibilities, and the teams involved in management of these technologies are culturally distinct from the IT department."

In addition, he said the development of a digital risk management capability requires deconstruction and re-engineering of enterprise structures and allocations of responsibility, as well as the development of new capabilities in security and risk assessment, monitoring, analysis and control.

"DROs will influence governance, oversight and decision making related to digital business. This role will work with CEOs and managing directors in various capacities to better understand digital business risk and facilitate a balance between the needs to protect the organization and the needs to run the business."

Trying to bridge the "cultural gap" between DROs and CEOs presents a significant challenge, however. "Many executives believe technology -- and technology-related risk -- is a technical problem, handled by technical people, buried in IT. If this gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk," he said.

According to a Gartner CEO and senior executive survey conducted in April 2014, 50 per cent of the 410 CEOs, CFOs, COOs and other executives who took part said they will have a senior digital leader role in their staff by the end of 2015.

 
