What You Need to Know About Digital Risk Officers
-
CEOs to Hire Digital Leaders
More than half of CEOs will have a senior digital leader on their staff by the end of 2015, according to Gartner's 2014 CEO survey. -
Expanding IT Security is Insufficient
Just expanding your portfolio of IT security to include technology risk for all Internet-aware technology is not enough. Skills and tools beyond the competence of the IT security team will be managed outside the IT department. -
Enduring a Major Service Failure
By 2020, 60% of digital businesses will suffer a major service failure due to the inability of the IT security team to manage digital risk when it comes to new technologies. -
The Emergence of Digital Risk Officers
The DRO will start to emerge in the enterprise in 2015. DROs will need skills in the IoT, operational technology, physical security, privacy and digital marketing spaces. -
Digital Risk Officers in 2017
By 2017, one-third of large enterprises engaged in digital businesses will have a DRO or the equivalent officer. -
Needed DRO Skills
New skills, beyond those of today's Chief Security Officers, will be in demand. In security, for example, DROs will need to know about: Network and endpoint security, Security concerns in the integration of IT and operational technology, Embedded software and system security, Machine-to-machine security, Identity and access management across the business where digital identities are related to civil and social identities, Physical security management -
A New Approach to Digital Risk
A unified and consistent approach to digital risk could deliver cost-efficiencies and improved risk insurance for businesses better than the fragmented approaches currently used by most enterprises. -
Required Digital Risk Management Capabilities
The Gartner report suggests the deconstruction and re-engineering of current organizational structures, the allocation of responsibility, and the development of new capabilities in security and risk assessment, monitoring, analysis, and control. -
Needed Risk Management Skills
In-demand risk management skills will include risk management processes, risk assessments that span digital business models end-to-end, and risk management that supports decision-making at the senior executive level. -
Innovation and Risk Assessments
DROs should investigate how digital innovation will change key business leaders' tolerance of risk in the enterprise.
The role of digital risk officer (DRO)—to manage risk for all forms of digital technologies—is rapidly evolving. The reason for this development is that the traditional concept of IT security is insufficient, according to Gartner's 2014 CEO survey. DROs will combine business acumen with technical and security knowledge and will need new skills beyond those typically required of risk and security officers. "By 2019, the new digital risk concept will become the default approach for technology risk management," says Gartner Vice President and Distinguished Analyst Paul Proctor. "DROs will influence governance, oversight and decision-making related to digital business. This role will explicitly work with non-IT executives in various capacities to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to run the business." Proctor warns that the culture gap between IT and non-IT decision-makers poses a "significant challenge" and must be bridged, otherwise consequent business risk will "hit inappropriate levels." For the Gartner report (fee required), click here.