By Bill Tanner, Editor, Intelligent CIO Latin America
If the ‘purveyors of cybersecurity products’ didn’t already have LATAM in their sights – the region is right in their face now.
Really, though, the findings of the 2024 LATAM CXO Priorities Report reinforce what should’ve been staring back at them – reflecting, as they do, on a marketplace where the potential for cybersecurity products stares down ever-emerging regulatory requirements and the demonstration of ROI.
Let’s summarize those findings, then, from a cybersecurity perspective.
From a total sample size: 200 LATAM CIOs and Technology Leaders, the top three countries in terms of responses were Brazil (43%), Mexico (23%) and Argentina (12%). Other countries also included Chile, Columbia, Peru, Uruguay, Ecuador, Costa Rica and Bolivia.
Collaboration and communication across the C-suite are identified as critical components of an effective cybersecurity strategy with the role of the CIO in decision-making and strategic planning becoming increasingly prominent.
That is balanced by the increased pressure LATAM CIOs believe is on them to become a revenue- generating part of the organization (33%) over the next five years – as well as being seen as a more strategic function within the business (33%).
With the majority of respondents saying they will prioritize cloud security, cyber-resilience and third-party risk management over the next 12 months, many are using AI for threat simulation and attack prediction – while 27% are using it for malware detection and analysis.
Concerns are split across a range of responses; however, governance and compliance received the largest share of the vote with 18% followed by delivering value and ROI at 16% and needing to do more with less budget and resources at 15%.
That emphasis on ROI highlights the pressures CIOs are under to ensure technology investments can demonstrably deliver value. Compliance and governance are currently top of mind for technology leaders as international directives such as the Digital Operational Resilience Act (DORA), Cyber Resilience Act (CRA) and NIS2 Directive, as well as local regulations, require attention to avoid potential penalties.
But if communication and collaboration are as central tenets of C-suite cohesion – the report concedes that neither are guaranteed with success largely attributed to building a good company culture.
The findings suggest this is widely recognised and prioritized by respondents, with more than half conceding that collaboration between their role and the wider C-suite was ‘excellent’.
However, there is scope to improve this as 46% of respondents said this collaboration was only ‘fair’.
Some of the suggestions from respondents on how to improve this include:
• Ensuring cybersecurity measures support business growth and sustainability initiatives
• Enhancing communication and alignment to support digitalization efforts
• Leveraging technology for operational efficiency
• Facilitating cross-functional collaboration to strengthen cyber defense and safeguard critical assets
• Improving communication and coordination to drive Digital Transformation
That leaves boards with an important role in defining organizations’ cybersecurity strategies – as the report also acknowledges.
Only 14% of respondents reported a passive role for their board, in which they were kept informed but did not necessarily get involved in strategic objectives.
For 33% of respondents, though, the board has a ‘significant influence’ and for 32% the board is involved in strategic decisions.
The remaining 21% said the board sets their strategic goals. This is indicative of how cybersecurity is now seen as a core business function – if not already deeply embedded across the organizational structure.
However, respondents did express some challenges, including:
• Coping with skill shortages and expertise gap, hampering effective cybersecurity strategy implementation
• Insufficient cybersecurity awareness and training across the organization
• Struggling with alert fatigue and false positives, hindering effective threat response
• Resistance to adopting new technologies in traditional industries
• Limited resources and budget allocation for IT initiatives
• Under pressure from compliance and regulatory requirements, necessitating continuous adjustments to security policies and practices
On success metrics used in evaluating security posture and demonstrating value to the business and board, 22% of respondents use compliance with industry-specific regulations, indicating a strong adherence to regulatory standards.
A total of 30% measure success on the return on the ROI of cybersecurity initiatives or technologies, underlining the financial aspect of security decisions.
The reduction in risk exposure or risk scores based on risk assessments is a success metric measured by 15% of respondents, highlight a proactive approach to risk management and other metrics such as cost per incident handled or prevented compared to the industry average, number of remediated security incidents or breaches within a given period and return on value (ROV) of cybersecurity initiatives or technologies for the business and attainment of business objectives are also considered.
Overall, then, the report confirms that collaboration within the C-suite and across business functions is essential for strengthening cyberdefences and aligning strategic objectives.
In highlighting the need for adaptive strategies that link cybersecurity challenges and ROI, the report shows strategic focus will be key to driving business transformation and ensuring long-term success for LATAM’s tech leaders as they navigate a fast-expanding tech landscape – with shifting horizons.
Read more about the evolving role of the CIO and the importance of c-suite collaboration in Palo Alto Network’s report here.
Click below to share this article