A sad truth in our industry is CIOs don't often get fired for not being innovative. But they do get fired for major data or security breach or business continuity failure.
In spite of that it is a bit concerning how IT risks keep exploding.
Here are some:
There is growing acceptance that most commercially available anti-virus software cannot adequately keep up with the speed and intensity of the attacker community. If someone sophistictaed is going to target an enterprise directly, they’re likely to use a new technique, one that most antivirus products will miss.
As intelligent machines and M2M networks grow by leaps and bounds, they pose other challenges. Many transfer unencrypted data to save on processor cycles and battery life. Even more than mobile devices, there is a physical risk especially with devices “in the wild” and the potential need to wipe their data and continued access.
Employee mobile devices pose other challenges. Lost or stolen mobile devices with unwiped passwords continue with access to networks. Then there is the risk of co-mingling of corporate data on personal email and cloud sites.
Even basic stuff seems out of control. From InformationWeek survey on back up strategies "While the percentage who perform test restores for most of their applications at least once per year increased from 38% in January 2011 to 44% in our March 2013 survey, that still leaves more than half who test sporadically, at best. Admins too often exclude some systems from not only their nightly but also their weekly backups and neglect to back up data at the remote or branch offices they support."
And here is the kicker from the study above "Yet 84% are somewhat or very satisfied with their current backup systems"
If they cannot be innovative when it comes to strategic technology, the least many CIOs can do is innovate their IT risk management capabilities. And no, outsourcing the opportunity is no guarantee of success. Few outsourcers can magically improve your backups or malware situation.