Leading Through Crisis: What You Can Learn from Visionary CIOs and CISOs

Seldom has any group in the corporate world faced more disruption more quickly than CIOs and CISOs in the context of COVID-19. The forced, overnight digital transformation not only highlighted the vital roles these leaders play in business resilience, but it also underscored the indispensable value of planning and communication in navigating times of crisis.

The CIO and CISO’s Role in Building Corporate Resiliency

At the onset of the pandemic, CIOs and CISOs were challenged with enabling a fully remote workforce almost overnight. They had to help departments, teams and individuals navigate the transition to remote work while keeping workflow running smoothly.

While some companies struggled to adapt without losing productivity, others were better-prepared to make the shift to remote work. The CIOs and CISOs of these nimbler companies proved their abilities to manage crisis and demonstrate agility and were able to move their organizations forward rather than drifting in the early weeks and months of the crisis.

In many cases, CIOs and CISOs became the glue holding their organizations together. In my conversations with CIOs and CISOs who have successfully navigated the pandemic, some common themes emerge: the importance of planning and preparedness and the critical role of communication. Two conversations, in particular, stand out for the lessons they offer.

1. Prioritize Deliberate Planning and Preparedness

Prior to the pandemic, Ann Neidenbach, CIO of Capital Markets and Head of LSEG Technology at London Stock Exchange Group, had already prioritized moving workload and data onto cloud-based technology. Her efforts properly positioned the organization to become fully digital, which also supported them in responding to the challenges caused by COVID-19: “Two years ago we had just launched our cloud first program. Our goals were to move to the cloud and consolidate our data centers to key global hubs,” she said, “The benefits were automation and agility, and we wanted to reduce our physical footprint.”

During the early days of the pandemic, Neidenbach’s advanced focus on cloud-based solutions helped ensure a smooth transition to remote-working capabilities, providing London Stock Exchange Group with the advantage of being able to leverage cloud-based remote-working and collaboration tools.

With this cloud-first program, the way she facilitated cloud migration was different than what she had been used to: “The regulator was very much a part of the story. Guidelines had already been published in this area, so we took a different tact than how I had done cloud migrations previously,” Neidenbach said. “We negotiated with the large cloud vendors up front. It was my third time going to the cloud, but the first time with a lawyer and a compliance officer by my side, as we had the regulatory guidelines to support us.”

Recounting the benefits of closely coordinating with legal and compliance, Neidenbach said, “We had to add some formality into it, namely a deeper, more rigorous look at cybersecurity. As more companies and banks have been going to the cloud, the approach has evolved. Instead of going straight to putting workflows in the cloud, we took a more compliance- and security-based approach. We were able to point to the guidelines being followed and had the relevant teams reviewing it all, as well as the CISO, who was closely monitoring the requirements for adding restricted data.”

Neidenbach has long valued forward-thinking initiatives and, as a result, has established herself as an adept and strong leader within her company and among her peers. She tells her fellow CIOs: “People underestimate the challenge of cloud migration, especially with the first workload. It is essential to embrace the ecosystem of the cloud and experts to help you build the foundation and get you through.”

2. As a CISO, Collaborate Closely with Your CIO

When the pandemic hit, a collaborative and communicative environment among leadership teams was essential, according to Diligent’s own CISO Henry Jiang.

For Jiang, it is important to view the partnership between CIOs and CISOs as collaborative: “The CIO’s job is to make sure IT fully supports business and then the CISO mandates if it can be done securely. By design, there’s a conflict of interest. Security often gets called ‘The Department of No.’” But, Jiang continues, “the modern CISO/CIO relationship needs to be more of a partnership, despite reporting lines. During the pandemic, the CIO’s role has been to move workflow digital – which exposes security concerns. The CISO has to back this to support the business, but must understand that it needs to be done safely. In this situation, the CISO can’t simply say ‘no’ – instead, they have to to say: ‘No, we can’t do it this way, but we can do it this other way.’”

The key to this sort of partnership is company culture. Jiang maintains that “a supportive company culture with a top-down approach is so important: the executive leadership team needs to push the right culture, especially surrounding security, while boards need to provide support and stay informed about the risk.”

The Way Forward

When new challenges arise in the coming months and years that upend existing norms, CIOs and CISOs can draw on the advice and actions of Neidenbach, Jiang and others.

The pandemic has reinforced the emphasis CIOs and CISOs place on careful planning and embracing the spirit of proactive technological advancement. It is never too soon to begin thinking about the next pandemic and to begin planning around new digital transformation.

CIOs and CISOs must also remember to focus on the future and, when something doesn’t go according to plan, learn to embrace agility. As Jiang puts it, “the job is harder now, but it has allowed us to accelerate our digital transformation plan ahead of schedule. This is a once-in-a-lifetime opportunity for CISOs and CIOs to truly become partners and to aid in the accelerated digital transformation that began years ago.”

Looking ahead, the importance of CIOs and CISOs will only continue to grow as companies try their best to prepare for an unpredictable future.