One-third of large enterprises engaging in digital business models and activities will have a digital risk officer (DRO) role by 2017, said Gartner.
The Gartner report said more than half of CEOs will have a senior digital leader role in their staff in 2015.
The 2014 CEO and Senior Executive Survey by Gartner said that 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases by 2020.
Also read: IoT opportunities
IT, operational technology (OT), the Internet of Things (IoT) and physical security technologies will have interdependencies that require a risk-based approach to governance and management. Digital risk management is the next evolution in enterprise risk and security for digital businesses by expanding the scope of technologies protected.
Role of digital risk officers
The mandate and scope of a DRO is different than a chief information security officer (CISO) and in many organizations the CISO role will continue with similar scope as in 2014.
The DRO will report to a senior executive role outside of IT such as the chief risk officer, chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations.
Gartner said digital risk officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk.
Paul Proctor, vice president and distinguished analyst at Gartner, said: “Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role in its entirety.”
Gartner predict that many CISOs will evolve into DROs as they begin to form effective partnerships with digital security teams managing other forms of technology. IT security leaders may continue with their assigned responsibilities that report to the DRO. As physical security management becomes increasingly digital, this will include the physical security teams as well.
A consistent, unified approach to digital risk at the enterprise level has the potential to deliver cost efficiencies and greater risk assurance for business processes than the fragmented approach currently in place at most enterprises.
Development of a digital risk management capability requires deconstruction and re-engineering of current organizational structures and allocations of responsibility as well as the development of new capabilities in security and risk assessment, monitoring, analysis and control.
By 2019, the new digital risk concept will become the default approach for technology risk management.
Digital risk officers will influence governance, oversight and decision making related to digital business. This role will explicitly work with non-IT executives in various capacities to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to run the business.
However, the cultural gap between IT and non-IT decision makers presents a significant challenge. Many executives believe technology — and therefore technology-related risk — is a technical problem, handled by technical people, buried in IT. If this gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk.