Gartner Blog Network

Welcoming Security and Risk to the Digital Ecosystem

by Sam Olyaei  |  March 9, 2017  |  Submit a Comment

Gartner’s 2017 CIO Agenda shows more and more enterprises joining digital ecosystems as digitization initiatives mature. Top performing organizations especially, separate themselves from the rest of the pack by emphasizing leadership, organization and technology capabilities.

This surge has serious implications for the security and risk management leader, in terms of new and more complex data elements and “things” that need to be protected, new partners/players that need to be managed, and the rise of new organizational structures that emphasize agility and Mode 2 projects (see term “Bimodal“) , among other risks that encompasses ecosystem participation.


  • Security and risk management leaders face resource and cultural limitations as CIOs extend their technology core to be digital-ecosystem-ready. CIOs and other business executives at these top performing organizations are driving the surge towards digital platforms and participation in digital ecosystems with emphasis on areas such as digital security, advanced analytics, and IoT. SRM leaders risk losing a seat at the leadership table if they don’t adapt their strategy to both support these initiatives and manage the risks (and players) that arise from ecosystem participation. Security must be viewed as an enabler, not an inhibitor of business performance.
  •  CIOs have indicated that the biggest barrier to success is the lack of skilled practitioners with a primary emphasis on cybersecurity and advanced analytical skills. This scarcity is critical for security and risk management leaders, who often operate in a silo and face a cybersecurity talent shortage that is only worsening.
  • Digital ecosystems will prioritize value over cost, but will still drive cost optimization where relevant. This will challenge security and risk management leaders to engage and demonstrate the value of the security team’s work to the business and other ecosystem partners such as regulators.

I explore these findings further and provide actionable advice for Gartner clients in a new research note titled “The Security and Risk Management Leader’s Guide to the Digital Ecosystem”.

This analysis will also be presented at Gartner’s Security and Risk summit series, beginning in National Harbor this June. For more information, please visit

Additional Resources

Five Board Questions That Security and Risk Leaders Must Be Prepared to Answer

As board members realize how critical security and risk management is, they are asking leaders more complex and nuanced questions. This research helps security and risk management leaders decipher five categories of questions they must be prepared to answer at any board or executive meeting.

Read Free Gartner Research

Category: security  security-of-applications-and-data  

Tags: cybersecurity  digital-business  digital-ecosystem  risk-management  security  

Sam Olyaei
Sr. Research Analyst
4 years at Gartner
6 years IT Industry

Sam Olyaei is a Sr Research Analyst in Gartner Research, where he is part of the Risk and Security Management group. His primary research efforts are geared toward advising clients on issues related to their information security and risk management program such as security maturity, security policy, security budget, and high-level security strategy/governance principles. Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.