According to Forrester, in 2022 organisations saw the extent to which systemic risks, including climate change, supply chain, and political and geopolitical risks, are interconnected with enterprise risks.
In its Predictions 2023: Cybersecurity, Risk and Privacy report, Forrester argued that managing an organisation’s risks across so many areas while charting a path forward for business growth and innovation will be a challenge for many in 2023.
What is also likely true is that any success in curtailing risk will require the collaboration of various heads because, as Peter Drucker wrote: “The leaders who work most effectively understand their job to be to make the team function. They accept responsibility and don’t sidestep it, but ‘we’ gets the credit…. This is what creates trust, what enables you to get the task done.”
Increase collaboration as privacy acts shift data governance strategies
According to Sam Pierson, CTO at Talend, CTOs and CISOs need to increase collaboration as privacy acts shift data governance strategies. He added that companies must prepare for data governance to become increasingly complex, especially as states develop their own privacy regulations.
“While these new regulations may come with potential roadblocks, in 2023 and onward, CTOs and CISOs will need to collaboratively make sure they’re meeting regulatory standards while also establishing best practices around efficiency and compliance internally and for customers.”
Sam Pierson
“For example, include a steady cadence of meetings focused on maintaining compliance and aligning with legal to create an actionable roadmap for potential rising regulations. These collaborative efforts will ensure companies keep compliance on top of mind, even as more regulations crop up,” he added.
The “Aha moment” using engineering practices
According to Gartner, through 2022, only 20% of analytic insights will deliver business outcomes. Planning, processes and KPIs are the most frequent sources of data project failures.
Pierson opined that for data leaders to succeed, they must drive optimum efficiency and put in place the right measurement frameworks.
“For data practitioners and leaders to realise and demonstrate the value of their data investments, they will need to apply the same processes, rigour and metrics used by engineering teams.”
“Machine learning and algorithms for greater automation, DataOps and DevOps to increase quality and reduce time to value or observability to pinpoint the problem faster will support data teams to get the job faster and maximise impact on the business,” he concluded.
Shift focus to data security
In 2022, organisations focused on cloud security, but in 2023, they will shift their focus to data security.
Nick Vigier, CISO at Talend, observed that the last few years have been focused on infrastructure velocity with the cloud, infrastructure as code, and the shift left mantra.
He added that tooling has been introduced to provide cloud posture management and attack surface monitoring in these high-velocity contexts.
“In 2023, leaders will turn a strengthened focus up the stack into data movement, provenance, health, and governance driven by an increasing focus on data sovereignty and upcoming data regulations and frameworks such as the European Health Data Space.”
Nick Vigier
More role changes are afoot
Gartner revealed that among board directors, 64% say their organisation is trying to significantly alter its economic architecture to put more emphasis on digital (revenues, margins, productivity, etc.). At the same time, 88% say they recognise cybersecurity as a risk to the business.
Vigier opined that businesses have been realising that CISOs have a unique perspective on the business and its opportunities and risks.
He added that the CISO is there to protect the business and to enable informed decision-making around holistic trade-offs.
“The CISO in 2023 needs to find ways to behave like the rest of the C-Suite, where it is not just about managing bottom-line impact but also about how top-line contribution can be achieved,” predicted Vigier.
He suggested that metrics will need to shift to how the CISO has influenced deal size, accelerated product releases, or enabled new lines of business to be created while measuring and managing security risks.
The caveat to understanding data
Vigier believed that understanding data will have a tangible impact on culture – but only if it’s guarded. He commented that as executive conversations around data literacy skyrocket, those conversations must include the entire organisation, especially security.
“A widespread understanding of data will have a tangible impact on your organisation’s culture for the better – but only if it’s safeguarded,” he continued.
He predicted that into 2023, those in leadership and in security departments should encourage employees to treat data like a currency, as it comprises key business information.
“To maintain the security of this valuable resource, creating a data culture, including controlled access, and education programs to foster a greater sense of data responsibility, will be imperative,” he added.
More effective risk management
Gartner acknowledged that today’s risks demand more from risk management initiatives. At the same time, the growing complexity of process, technology and regulation will strain everyone in the organisation, from leaders down to workers, unless the security stack is simplified.
Vigier argued that the simplification and consolidation of security stacks will lead to more effective ongoing risk management by business owners. Security organisations will seek to consolidate their tooling and approaches to provide holistic end-to-end perspectives on security and risk.
He noted that the last few years have been focused on infrastructure as code, shift left, automated integration and deployment, and security orchestration. Vendors have taken up niche footholds in the various areas of these tectonic shifts.
“The changes to the economic climate, where businesses need to closely evaluate their spending, a slow-down in free-money economics leading to overvalued start-ups, and decreases in staffing levels, mean that the remaining solutions will consolidate,” he added.
He posited that the winners will be the ones that can tell the start-to-end story around the platform and product security to enable teams and executives to move quickly and with context. Gone are the days of individual point solutions with practitioners left to put the pieces of the puzzle together.
“Businesses will need to consolidate their storyline but will ultimately be left with a more consistent understanding of their risks and can then focus on how they make decisions – which will in turn greatly benefit the organisation,” concluded Vigier.