What Keeps CxOs Up At Night

I've had pleasure to talk to many CxOs over the recent years and collate what I think would be the key challenges for them in the new era of IT Industrialisation and Digitisation. Having in mind the burden of the new regulations, pervasiveness of data, and ubiquitous computing things have moved on drastically and requires a fresh perspective how businesses are run and transformed.

The term Digital is largely overused and should be replaced with “the-way-how-we-do-business-today”. Digital stands for - demonstrating value, competitive advantage, risk taking culture as the new forefront of the modern business strategy. Inspiration, vision, value creation, and insight seeking are putting pressure on organisations and the creatures of habit reluctant to change - it is about being able to adapt or become extinct. The same applies to vendors.

As the organisations are catching up with digital world - vendors have to follow and realise the potential of addressing the challenges below. Vendors need to help organisations to hire new talent, re-skill existing employees and fill skills gaps by looking to build a trusted ecosystem of partners. If you’re not intimately involved or you don’t understand the challenges below, whether you’re a vendor or an end-organisation CxO, then you should be worried, extremely worried…

My PoV: a good information management and governance delivers, by default, good information security, privacy, quality and stewardship.

Strategic goals:

• Understand information
• Make Information open and transparent
• Manage information
• Protect information
• Monetise information

Figure 1: The new forms of IT and business capabilities required to drive the business growth and transformation

Image source: Gartner

Paradigm shift exposes the modern CxO suite to new challenges and they arriving from the two opposite view points:

1. Risk-reduction driven, such as Chief Information Security Officer, or 
2. Opportunity/value-driven, such as Chief Digital Officer

Lately we have the role of Chief Data Officer, historically being risk-reduction focused gearing towards opportunity/value creation for the business, essentially being in a hybrid role, generating revenue as well as protecting revenue.

• How do I transform the business?

• How do I run the business more efficiently?

• How do I grow the business?

• What is the business value of data?
• How do I manage data as an asset?
• How do I manage data that crosses organisational boundaries?
• How do I keep up with information lifecycle changes?
• How do I maintain an inventory and ontology of key information assets?

• How do I create new values from business information?
• How do I monetise information assets?
• How do I create new digital channels to market and build digital relationships with customers?
• How do I embed IT in (physical) products?
• What information services I need to enhance the customer experience?
• What new information products, services and business lines I can build to sell information (previously regarded as a byproduct)

• How do I maintain order in heavily regulated and litigious world where privacy, compliance, litigation and regulatory requirements causing a proliferation of business processes?
• How do I keep up with new information types and sources - driven by the 5V’s?
• Do I have the right technology, processes and people skills to address the above?
• How do I quantify financial value of information assets, as if they were a balance sheet asset?
• How do I measure the benefits that each type of information asset generates for our organisations?
• How do I reduce cost and complexity throughout the enterprise?

• How do I consistently secure multiple sources of data, across silos?
• Rapid adoption of public clouds, personal devices, big data and changing work patterns are conflicting to regulatory requirements for data access control - how do I address this?
• How do I protect data as an asset whilst allowing collaboration and processing inside and outside the traditional organisational perimeter?
• How do I address new threats emerging from adoption of new, emerging technologies and services?
• How do I measure effectiveness of risk and security controls in my organisation?
• Do I have the right skills, processes and technology to ensure timely detection, prevention and reporting of data breaches to satisfy regulations?

• How do I understand what Personally Identifiable Information (PII) is held and processed by my organisation?
• How do I map/translate Privacy requirements to technology, processes and controls?
• How do I provide an evidence that my organisation is adequately protecting the PII?
• How do I engage with the business and provide oversight and monitoring of the data protection programme and compliance with the regulations?
• How do I provide evidence for notification and communication of personal data breaches to authorities?