17 August 2024
|
Zaker Adham
Securing resources has become more straightforward, according to Feroz Merchhiya, CIO of the City of Santa Monica. However, the responsibility of tech leaders to demonstrate the value of these investments remains crucial. This article is based on insights from a CIO Dive live conversation between Editor Roberto Torres and Feroz Merchhiya. You can watch the session on-demand.
High-profile incidents and escalating threats have heightened the C-suite's awareness of the risks associated with poor security practices.
"Fortunately — or unfortunately — discussions around security and technology investment are becoming relatively easier," said Feroz Merchhiya during the CIO Dive live event.
Nearly 90% of IT decision-makers expect their security budgets to increase in the next year, with 14% anticipating a budget increase of at least 15%, according to an ETR survey published in May. Cybersecurity is also a top priority for enterprise upskilling efforts and a key component of generative AI plans. Merchhiya, who joined the City of Santa Monica in July, previously held a dual CIO-CISO role at the City of Glendale in Arizona. During his tenure, a series of events underscored the importance of investing in security best practices.
In 2023, Glendale hosted Super Bowl LVII, Taylor Swift’s Eras Tour, and Beyoncé’s Renaissance Tour. The influx of fans and tourists created a target-rich environment, and leaders were already on high alert due to cyberattacks targeting local utility services nationwide.
Most CIOs don't have to look far to see the real-life implications of inadequate security. Despite the C-suite's increased awareness of risk, tech leaders must still demonstrate and maximize the value of cybersecurity investments.
"The overall requirement of operational resiliency and having the technology to support that resiliency doesn’t change whether you’re in the public or private sector," Merchhiya said.
3 Lessons: Take Stock, Find Gaps, Show Value
Even with increased focus on cybersecurity, leaders are responsible for making the most of their resources.
"You have to be mindful of every dollar you spend, and in my mind, there’s no secret sauce to figuring out how to maximize the value," Merchhiya said. It starts with being realistic about business needs.
"Look at your assets, see what they deliver for you," Merchhiya advised. Technologists often get attracted to new and emerging technology, but it's essential to cross-reference tools with use cases to uncover gaps and app sprawl. This process helps determine whether new tools or technologies are necessary.
"Many issues can be addressed with simple, basic cybersecurity hygiene," Merchhiya noted.
While C-suite leaders set goals, tech leaders must know how to elevate their organization's tech stack. Sometimes, this requires an internal culture shift that CIOs can guide.
Engaging the C-suite can involve highlighting market changes or challenges and building relationships. Organizations with a legacy mindset, characterized by reluctance to change, may need more persuasion to update policies or practices.
"Education goes a long way when you return during budget conversations and ask for investment because they understand the context," Merchhiya said.
Linking investments to an ROI analysis strengthens the case for more resources. Tech leaders should clearly understand and explain how tools or capabilities prevented breaches, mitigated risks, or expedited recovery.
"Each organization will have those opportunities in the context of their operating environment, and they have to do that," Merchhiya said. "But it’s a concerted effort to present that benefit so that your business partners can understand what your investment is delivering."