Retail CIOs Focus on Data Security, Digital Innovation

Major security breaches at leading retailers cast a long shadow over industry as CIOs look to bolster defenses.

In the wake of widely publicized breaches at firms like Target and Home Depot, retail CIOs are nearly unanimous in naming data security as one of their top priorities for 2015, according to a new survey.

In that poll (PDF available here), produced by Forrester Research and the National Retail Federation (NRF), 97 percent of retail CIOs said that efforts to strengthen their cybersecurity defenses rank in the top five items on their agenda this year.

And with good reason: Forester is projecting that at least 60 percent of businesses will uncover a data breach that exposes sensitive information this year.

"The high profile breaches in 2014 show that perimeter defense is no match for organized crime targeting customer data," says George Lawrie, research vice president and principal analyst at Forrester.

CIOs Must Advocate for Strong Corporate Governance

Those security breaches also underscored another top concern. Seventy-eight percent of the retail CIOs surveyed said that an effort to improve corporate governance within their firms is among their top five internal priorities for the coming year, up from just 24 percent who said in the same in the NRF's 2014 survey.

"As the executive overseeing technology principles and practices, the retail CIO must be the advocate for strong corporate-level technology governance," says Tom Litchford, the NRF's vice president of retail technology.

The report also reflects the concern that CIOs are expressing about the emergence of shadow IT throughout their firms, in cases where "their line-of-business colleagues may become impatient and invest independently in everything from location technologies and independently developed mobile apps to Software-as-a-Service business intelligence solutions."

"In this rapidly evolving digital era, more and more departmental budgets have a technology component, particularly in marketing where we're seeing significant spend shifts from traditional media to more focus on digital media," Litchford says. "Coupled with the business' need to evolve faster in response to the ever-changing consumer behaviors and preferences, there's a real risk in technology investments becoming siloed, not only exposing the business to elevated security risk, but also potentially impeding their ability to serve their customers."

Budget Restrictions Constrain CIO Efforts to Fight Cybercrime

Budgets remain a challenge for the CIO. Of the retail leaders polled, 40 percent said they expect to work with a flat or declining budget in 2015, and another 34 percent said that they expect to see modest increases of less than 10 percent.

The difficulty of pursuing new technology initiatives while operating under a constrained budget was a hot topic at a meeting the NRF held in January, according to Litchford.

"While there's no silver bullet, a couple of key themes emerged," he says of those discussions. "First was the ability to leverage existing investments more fully to address emerging business requirements and drive new innovation. Then there was the governance discussion, and how the C-suite must prioritize and execute against a shared technology agenda. As every departmental budget becomes a technology budget, it's paramount for the CIO to take a strategic leadership role in helping the business properly prioritize technology investments."

Lawrie similarly warns about the perils of the CIO's team falling out of step with the business side of the enterprise. Most commonly, he says, that disconnect arises when the tech shop fails to prioritize the projects that hold the greatest potential for generating revenue for the company, or from overly long delivery cycles for products developed on specifications written without the input of the end users.

"In our experience, the critical factor is to develop a deep understanding of line-of-business objectives and to develop a shared vision of what it will take to achieve [them], and then to iteratively deliver -- first a mock-up, then minimum-viable product in an agile way, checking in with the stakeholders every two weeks -- at most -- for feedback," he says.

Omnichannel and Digital Innovation Top Concerns for Retail CIOs

Other areas of concern identified in the survey included spending too much money on maintaining legacy systems, tapping into big datasets to glean useful business insights, integrating multiple channels of commerce, and hiring and retaining quality staff.

Looking forward, Litchford advises CIOs to develop their skillsets in business and consulting, and to position themselves as "the strategic advisor on organizational structure and business process."

Additionally, he urges retail CIOs to take a cue from the innovative and fast-paced culture of the tech startup world as they consider how to reform their own operations.

"The CIO must become much more responsive to the business and be willing to take on more risk," he adds. "[If] I had to narrow it down to one piece of advice: look for innovation everywhere, take the calls from the emerging startups, embrace rather than punish failure, just learn to fail fast and move on. The CIO who can cultivate a responsive technology culture that's free to take risks will be the CIO who is firmly seated at the executive table."

Join the CSO newsletter!

Error: Please check your email address.

Tags securityForrester Research

More about Forrester ResearchHome Depot

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kenneth Corbin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts