Gartner Predicts Emergence of Digital Risk Officer in 2015
Report: “Innovation Insight: Digital Business Innovation Risk — The Rise of the Digital Risk Officer.”
With the digitization of business has come the emergence of numerous IT trends, from social media and cloud computing to big data analytics and the growth of mobile devices. Each one brings a multitude of new risks, including malware, fraud, denial-of-service attacks, hacking, data theft, social engineering attacks, cyber espionage and more.
By the end of 2015, more than half of CEOs will include a senior “digital” leader role on their staff, and by 2017, one-third of large enterprises engaging in digital business models and activities will also have a Digital Risk Officer (DRO) role or equivalent. That’s according to the 2014 CEO and Senior Executive Survey by Gartner, Inc.
Gartner predicts that by 2020, 60% of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. The new interdependencies of IT, Operational Technology (OT), the Internet of Things (IoT) and physical security technologies will require a risk-based approach to governance and management.
In response to this changing landscape, digital risk management is the next evolution in enterprise risk and security for digital businesses, expanding the scope of technologies that require protection.
The role of the DRO, to manage risk for all forms of digital technologies, is rapidly evolving. The traditional concept of IT security is insufficient, and Gartner’s 2014 CEO survey demonstrated that DROs will need new skills beyond those typically required of risk and security officers.
“Digital Risk Officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk,” said Paul Proctor, vice president and distinguished analyst at Gartner. “Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate and skills, they will not fulfill this role in its entirety.”
While this new structure may not have a substantial impact on IT and IT security operations — especially for enterprises that have already established a Chief Risk Officer (CRO) — the potential impact on the culture of IT and IT security teams could be substantial.
This new superset of technology created by IT, OT, IoT and physical security challenges the ability of existing organizational structures, skill sets and tools to consistently and adequately assess, define and manage technology risks. The future of technology must transcend the current competence of the IT security team in its current responsibilities. And the teams currently involved in managing these technologies are culturally distinct from the IT organization.
“By 2019, the new digital risk concept will become the default approach for technology risk management,” said Proctor. Digital risk officers will work together with non-IT executives to “influence governance, oversight and decision making related to digital business … However, the cultural gap between IT and non-IT decision makers presents a significant challenge. Many executives believe technology — and therefore technology-related risk — is a technical problem, handled by technical people, buried in IT. If this gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk.”
For a detailed analysis of the report, visit Gartner’s website at http://www.gartner.com/doc/2771823.