Company chief information officers (CIOs) are increasingly driving tech-enabled business strategy, according to a new survey that found CIOs are working more closely with company boards – although many executives are still flying blind when it comes to security strategy.

Some 57 per cent of respondents to the Logicalis Global CIO Report 2023 – which surveyed 1000 CIOs worldwide – said their main responsibility this year is the development of new digital services.

This confirms that – despite a turbulent business climate that has driven widespread cost-cutting and tech-company layoffs – the digital transformation of the past few years remains a key strategic driver for CIOs.

Such challenges may have helped drive senior company management to reach out to technology executives, with 81 per cent of CIOs reporting that they are spending more time on innovation and 77 per cent of CIOs spending more time selling those ideas into the board.

Full half of respondents said their boards actively expect them to be delivering continuous innovation – highlighting the increasing perception of CIOs as stewards of the business strategy.

“CIOs are playing a leading role in orchestrating transformation and are stepping up in response to the changing industry dynamics,” said Logicalis CEO Bob Bailkoksi, “yet they are faced with challenges to navigate, including a potential recession and talent shortages.”

“In addition to this, they are experiencing increased pressure to deliver digital-based outcomes for their organisations, giving them more exposure to their boards and requiring a different way of operating.”

In many companies, that “different way” seems to be that their traditional remit – implementing technology to support business strategy – has changed dramatically: 41 per cent reported having some level of responsibility for business strategy as well as the technology to deliver it, and 80 per cent said business strategy will become a bigger part of their role in the next two years.

Innovation and digital transformation are two of four primary areas of focus for CIOs identified in the study – the others being strategy and the reimagination of service partnerships, which is expected to see three-quarters of CIOs spending more on IT outsource management this year than last.

“Many CIOs are facing budget constraints that make it essential to do more with less,” the report notes, “however, the answer is not simply cutting back or dialing back innovation. CIOs are responding to market challenges by developing strategies that drive growth, improve efficiency, and deliver the innovation increasingly demanded by customers, employees, and partners.”

Blind spots on cyber security

For all their legitimisation by company boards, however, many executives admit that when it comes to cyber security, their companies are still making cyber security decisions without the benefit of insight into the actual threats they face.

Fully 79 per cent of respondents to a new Mandiant study of 1,350 cyber security decision makers said their organisations make most cyber security decisions without information about the threat actors that are targeting them.

This is often because while information about attackers and their methods is available, security executives have trouble integrating into the company’s strategy and execution – a problem reported by 54 per cent of Australian respondents.

Worse still, the survey found that 69 per cent of Australian security professionals still believe that, despite the increased outreach of company boards, those boards still underestimate the threat their companies face from cyber attacks – despite 22 per cent of Australian companies saying they have suffered a severe data breach in the past 12 months.

Despite the persistent of this ‘it won’t happen to us’ mentality, however, Australian security executives were less confident than those in other countries that they could defend themselves against an espionage-style attack by a rogue nation – with just 68 per cent of Australian respondents saying they could do so, compared with 83 per cent globally.

Despite this and other cyber security vulnerabilities, the Mandiant respondents found that cyber security is, on average, only discussed every four or five weeks with the board, C-suite, and other senior stakeholders.

The figures put a new cast on the findings that CIOs are increasingly strategic, with cyber security policy apparently a persistent blind spot that has yet to be addressed in many companies.

Those findings suggest that CIOs need to be more proactive not only about innovating for the business, but on engaging with cyber security leaders to ensure that innovation is protected from outside threats.

“Modern CIOs have the right leadership skills and technology expertise to ensure their organisation is well equipped for the digital world”, explained Logicalis chief technology officer Toby Alcock. “Rather than just supporting business needs through technology, the CIO is now using technology to help create new business models and tap into more revenue streams.”