Notes from the MIT CIO Symposium: Digital Disruption Changing the Role of the CIO
Recently, I again had the pleasure of attending the MIT Sloan CIO Symposium. This annual gathering of senior IT and business leaders and academics, now in its 12th year, is a thought provoking day, packed with great presentations, panels and networking. As the Dean of MIT Sloan David Schmittlein said in the opening remarks, “If you don’t do anything different after coming to this event, we’ve failed.” I doubt anyone left without things to do – but I’m guessing most people left wondering which of the great ideas and actions to address first.
While a lot of great topics that impact the CIO and corporate leadership were discussed, there were two that really stood out to me:
- The new role of the CIO and that of technology within an organization
- The pressing need to address cybersecurity
At last year’s conference, I got a clear sense that IT was becoming better aligned to the business. This year’s presentations and panels built on that as CIOs become more strategic and integral to the business overall. Peter Weill, Chairman of the MIT Sloan Center for Information Systems Research, kicked off a panel discussion about the role of the CIO, CEO and the Board in dealing with digital disruption by stating that upwards of 32% of a company’s revenue is under threat due to digital disruption. Peter described three core responsibilities of executive leadership:
- Defensive – keeping the lights on, protecting the data, adhering to regulations, essentially running the business
- Oversight – transformational projects that improve how IT supports the business, and managing overall digital and IT spending
- Strategy – looking at new business models and how to address and harness digital disruption
The panel – comprised of CEOs and CIOs – then discussed how executive leadership needs to balance these responsibilities. Jennifer Banner, the CEO of Schaad Companies, commented that the role of the CIO in particular has changed dramatically over the past 10 years from being purely defensive and oversight, to being much more focused on strategic initiatives. This view was reiterated during a panel later in the day as panelists commented, “what used to be 100% of the role is now table stakes and 20% of the role.” Keeping the lights on is no longer sufficient – the CIO needs to look at how the business can create new product lines and find new customers.
At the same time that the CIO needs to be a more strategic contributor to the business, technology is becoming more pervasive across the business. Chris Perretta, the EVP & CIO of State Street Corporation made a great point that 100 years ago everyone who typed was in the typing pool. When you needed something typewritten, you went to the typing pool. Today everyone types. In the same way, the idea that you have to go to the IT department to address any technology needs is antiquated. Brook Colangelo, the EVP & CTO of Houghton Mifflin Harcourt built on these shifts in saying that the “IT” name and image has a bad rap, much as ERP did after decades of delayed and failed implementations. To reset this image at Houghton Mifflin, he has renamed his group to be the Technology Group as a broader indicator of their role in supporting the use of technology across the business.
At the same time that the role of the CIO is changing, the CIO and the rest of the company is under increased cyber threats. It’s an issue that everyone at every company must take very seriously. Perretta said it best: “If I blow my budget, I’ll probably get another chance. If I blow risk, I’m out.” Professor Stuart Madnick, the Director of MIT (IC)3 kicked off a lively panel entitled “Cybersecurity: New Approaches to Assessing and Maximizing Your Protection,” by stating that there are only two kinds of organizations: (1) Those that know that they’ve been hacked, and (2) those that don’t know it yet. He outlined the perfect cyber security storm: unprotected aging infrastructure mixed with a host of new technologies – from cyber currency to hacker tools. Madnick advocated that businesses should treat security with the same emphasis that manufacturing organizations treat workplace safety: in much the same way as you see signs in factories proclaiming how many days it has been since the last accident, he recommended digital signage indicating how many milliseconds since the last breach.
Although the panel certainly had the audience squirming thinking about their own company’s security, the group also brought actionable advice and some levity to the topic. Rather than just defending at the edges, IT needs to address cybersecurity at every level of the infrastructure, and businesses should think about treating security like common HR topics and conduct training around security best practices as they do for sensitivity and harassment. One panelist even quipped: “the fact that everything is connected means that everything can be hacked – I’m going to mess with your latte!”
Whether or not you are worried about someone hacking your latte, the overall message from the day was clear – and George Westerman, a research scientist with the MIT Initiative of the Digital Economy summed it up nicely in a closing session: “There has never been a better time to be a great IT leader, and there has never been a worse time to be an average IT leader.” We are living in an age of digital disruption with very real cybersecurity threats every day – and the CIO has a tremendous opportunity to guide the business through this disruption to becoming industry leaders.Like This