By Bruce Sussman
Wed | Jun 13, 2018 | 4:45 AM PDT

The Harvey Nash/KPMG survey of Chief Information Officers bills itself as the largest IT leadership survey in the world.

And its CIO respondents report spending more time, money, and resources on cybersecurity than ever before. Here are some key findings from 2018.

5 facts about how CIOs see security

  1. Combined annual cybersecurity spending of respondents is up to a record $46 billion US
  2. 23 percent more IT leader respondents than last year are prioritizing improvements in cybersecurity 
  3. 12% more than last year say managing operational risk and compliance is a significantly increased priority
  4. Cybersecurity and risk/compliance represent the fastest growing IT priorities of company boards
  5. Only one fifth (22 percent) state they are well-prepared for a cyber attack.

Akhilesh Tuteja, Global Cyber Security Services Co-Leader at KPMG, puts a punctuation mark on the fact that corporate leadership cares much more now about cybersecurity: “Protecting the business from a cyber attack has jumped further up the boardroom agenda than any other item.”

Changing role of the CIO

The survey certainly drives home another point: It's getting more complicated to be a CIO. Big changes are happening right along with the changing role of the CISO.

“CIOs have a really difficult tightrope to walk,” said Albert Ellis, CEO, Harvey Nash Group.

“On one hand, the board is asking them to drive innovation, promote transparency and, following recent high-profile data breaches, ensure the responsible use of customer data throughout the organization.

“On the other hand, the board is increasing scrutiny and demanding improved reporting on cyber security, data integrity and resilience, as regulators and consumers become much more demanding on personal data.

“The organizations that can get this balance right, between innovation and governance, are in the strongest position to compete in an increasingly complex technology environment.”

Another change: The intersection of roles—CIO vs. CISO.