Future Roles of CTO & CIO


Financial institutions' management of ICT and security risks is one of the risk areas receiving the most attention in terms of regulation, supervisory surveillance and media coverage.

Traditional IT has moved from being a supporting function to ICT and digital solutions being the very foundation on which many businesses operate. The responsibility for managing ICT and security risks is still placed with the IT department, which results in increased pressure on CTOs and CIOs. Valuable time is being lost on governance, risk management and reviews instead of discussing technical or business progress.

Increased focus on ICT governance 

The upcoming challenge will be to implement and maintain the operational resilience outlined in DORA through the implementation of an integrated framework for managing ICT and security risks. In other words: organizations will need to ensure resources for ICT governance. It is tempting to put this responsibility on existing resources, whether they are CTOs or CIOs. As they are already experiencing an increased workload in today’s digital environment, organizations will need to evaluate if this is a long-term sustainable solution. 

ICT risk management across the financial sector

In recent decades, the use of ICT has gained a pivotal role in finance, assuming critical relevance in the daily operations of all financial entities. DORA, unlike previous regulations, addresses a wide range of different financial entities in the market. For example, banks, insurance companies and payment service companies have to adhere to DORA. Additionally, other types of firms such as crypto service companies, central securities depositories, central counterparties, investment funds including AIF, crowdfunding, and third parties are also addressed in the regulation. This is the first time that ICT third parties must adhere to financial regulation and formal financial authority reviews.

Advisense helps you navigate

Advisense has assisted numerous financial service entities in adhering to the EBA and EIOPA ICT and security risk management regulations and prepared them for the introduction of DORA. Furthermore, we have assisted third-party providers with DORA adoption. We believe that if financial institutions adhere to the EBA or EIOPA regulation, much of the work has already been done and only adjustments are needed. For firms that are not under the EBA or EIOPA regulation, significant adjustments will have to be made to comply with DORA.

Fredrik Ohlsson

Managing Director, Cyber & Digital Risk
