Cyber risk management requires a multidisciplinary approach

As organizations repose their faith in CIOs and CISOs to manage cyber risk, a lot of responsibility falls on their shoulders. A first step in this direction would be to realize the multidisciplinary nature of cyber risk.


As technology becomes more and more ingrained in business, a lot of areas hitherto managed by IT professionals are now being managed by other business executives. The marketing function has martech; there are new designations like Chief Digital Officer and Chief Data Officer. In functional areas like finance and HR, technology suppliers are pitching directly to the respective CXOs, instead of enterprise IT.

One area that has bucked the trend is security, despite the rising profile of cyber risk. According to research conducted last year by Marsh, an insurance broking and risk management company, and Microsoft, in four out of five billion-dollar-plus companies, CXOs say the IT department is the primary owner and decision maker for cyber risk management in their organizations.

That is reassuring for CIOs and CISOs. But it also puts a lot of responsibility on their shoulders. A first step toward carrying that out effectively would be to fully realize the nature and impact of cyber risk.

The cover story in this issue focuses on an important aspect: the need to take a multidisciplinary approach to cyber risk. It is largely based on a landmark agenda released earlier this year by the Workshop on the Economics of Information Security (WEIS), a leading forum for interdisciplinary scholarship on information security and privacy. The story will help readers understand the broader questions around cyber risk and how different disciplines, such as Computer Science, Management Science, Economics, Law, Behavioral Science, Data Science, Accounting and Political Science, address each of these broader questions. The agenda, prepared by people from different areas such as academia, finance, law, industry associations and insurance companies, also lists major tactical questions of relevance around each of these broader questions. While we have tried to put those in perspective, keeping our readership of CIOs and CISOs in mind, I recommend that those interested read the whole agenda. It is not very long and is extremely readable.

From this issue, we have started a regular column, Transformation Exemplar, that will focus on one industry at a time to understand how digital transformation is panning out in that industry. In this issue, Saumya Chaki, a business executive and author, has taken up the mining industry.

As I write this, our Technology Premier League (TPL) is in progress. We have completed the Delhi and Mumbai rounds. The enthusiasm is unmatchable in this, the only tech challenge for enterprise IT teams. I will come back with more news from the events as we complete our rounds in Bangalore.

Read the CIO&Leader September 2019 Issue

