The rise of the Digital Risk Officer
But it has also opened up some new and potentially dangerous risks that have changed the way organisations approach risk management. The nature of the threats facing businesses has evolved and that means digital risk is becoming a much bigger priority for IT departments.
IT industry analyst group Gartner believes this will be the "next evolution" in enterprise risk management, and that it will have an impact on recruitment in the months to come. In fact, it thinks 2015 will be the year that we see a new role emerge - that of the Digital Risk Officer.
The challenges ahead
As business has become increasingly digitised, we have seen the emergence of numerous IT trends, from social media and cloud computing to big data analytics and the growth of mobile devices. With each one comes a raft of new risks in the form of malware, fraud, denial-of-service attacks, hacking, data theft, social engineering attacks, cyber espionage and much, much more.
By 2020, Gartner believes that six out of ten digital businesses will have suffered major service failures because their IT security teams are unable to manage the risks associated with new technology and trends, highlighting the scale of the challenge organisations around the world face.
And of course, digital technologies increasingly affect all areas of business, from finance and accounting to sales and marketing, which means that digital threats are no longer confined to IT departments. Instead, they should be viewed alongside other, more traditional risks and should be an enterprise-level concern, not just a concern for the IT team.
As a result, Gartner foresees a shift within enterprise risk management, with digital playing an increasingly important role and challenging existing organisational structures and skill sets. Today's IT security staff will lack the expertise required to protect their company's digital assets in the future, which means firms will need to look again at how technology risks are managed.
Demand for new skills
As part of this risk management rethink, some businesses may look to expand the remit of their Security Officers to include digital risk management. But without the necessary skills, these individuals will be unable to fulfil their new role effectively.
This means that either training will be required to help existing staff deal with new and emerging digital risks, or companies will have to recruit fresh talent: people with specific skills and experience to plug the knowledge gaps within their IT security teams and give digital risks the attention they demand.
Gartner predicts that by the end of 2015, more than half of Chief Executives will have installed a senior digital leader within their organisation, and by 2017, one-third of large enterprises with digital business models and activities will have a Digital Risk Officer or equivalent person working for them.
"Digital Risk Officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," explained Gartner Vice President Paul Proctor.
Indeed, the mandate of the Digital Risk Officer will be very different to that of the Chief Information Security Officer, and it is likely that in many organisations the latter's job will remain relatively unchanged while the former will be a newly created role.
Digital risks go beyond IT
Because - as explained earlier - digital risk affects all levels of the business, the focus must go beyond the IT department. This is why Digital Risk Officers will report to senior executives such as Chief Risk Officers or Chief Digital Officers rather than senior members of the IT team.
"This role will explicitly work with non-IT executives in various capacities to better understand digital business risk and facilitate a balance between the need to protect the organisation and the need to run the business," Mr Proctor explained.
However, as Digital Risk Officers settle into their jobs, some cultural issues could emerge within organisations. Gartner points out that many executives think technology, and hence technology-related risks, should be handled by technical people.
So if Digital Risk Officers are to do their jobs effectively, the relationship between IT and non-IT departments will need to be addressed so that everyone is clear about the importance of digital risk management and their roles and duties in helping to address it.
As Mr Proctor notes, tackling digital risk will require "deconstruction and re-engineering" of existing organisational structures and responsibilities, and Digital Risk Officers look set to take a leading role in the risk management programmes of the future.