If IT Managers and CIO’s (asset custodians tasked with protecting corporate data) genuinely fear for their jobs over data breaches, why don’t they demand the resources they believe necessary to mitigate the risk, or assign the risk to the asset owners. If the CIO’s well-structured business case is rejected, it is clear that the board has implicitly decided to take the risk, so why not ask them to make it an explicit agreement.
The trusty Rust Report last week published a survey by ‘Dynamic Markets’ that found 74% respondents claimed the stress was greater than divorce with 14% saying the stress of losing their job was less than that of losing data!
These are high stakes claims but I don’t think honesty or integrity is prevailing.
Compare this with the Connection Research survey published in the SMH on the same day last week.
This report claims CIO’s (62% for those that get hung up on numbers) are allocating budgets to initiatives such as Social Media and Bring Your Own Device (BYOD) that many believe are over hyped and will add no significant business benefit. Why? Well again it seems CIO’s are scared that their early adopter bosses expect them to do it.
I thought CIO’s were evolving to be leaders at the big table. These two pieces of research suggest they are not bringing the thought leadership and conviction required to their roles.
CEO’s don’t want ‘Yes men’ in their ranks. They need solid recommendations that are material to business success. The CEO will not thank them when they are sitting in a cell, killing time updating the company Facebook profile on their iPad, while waiting for their data breach hearing.
The CIO needs to get some back-bone and concentrate on the things that they claim really matter.