Key Industry Challenges: Global CIO Members Discuss Solutions for Cybersecurity, Staffing Shortages, and IT Budget Allocation

Corporate cybersecurity, IT staffing shortages, and IT budget alignment have been pressing issues for decades. However, IT leaders have recently encountered new challenges in each of these areas. Key problems and potential solutions were discussed during the Global CIO online ideation session as part of the "Key Trends in Digital Transformation 2024" online conference.

Cybersecurity: Challenges

The balance between protection costs and the potential damage from breaches is a cornerstone of cybersecurity projects. Another critical trade-off is between usability and the reliability of security measures. No universal answers exist — each company must find its optimal balance. However, established best practices and real-world case studies can serve as valuable benchmarks.

The inherent secrecy of the field adds complexity, making insights from the networking session particularly valuable. Oleg Aksenov, CIO at Teez, shared key points from the discussion:

The Gap Between Intention and Action
There is often a significant disconnect between the desire for security and tangible actions to achieve it. Organizations claim to prioritize security but rarely take meaningful steps such as hiring more security engineers, implementing secure practices, or even refraining from risky behaviors like password sharing. Weak security often becomes apparent only after a breach has occurred.

Fear of Accountability
Many IT professionals lack legal expertise and fear being held accountable for mistakes in compliance. Effective security requires combining technological measures with legal knowledge, but few understand how to bridge these domains.

Budget Constraints and Complacency
Security is rarely prioritized in budgets, with accessibility and immediate business needs taking precedence. Complacency further exacerbates the problem as teams under pressure often seek shortcuts to resolve urgent tasks.

Cybersecurity: Solutions

Providing Statistical Data
Demonstrating how each security measure reduces risks is essential. Data could be collected anonymously or provided through a trusted agency. Quantifying the impact of investments in security is currently challenging, emphasized Oleg Aksenov. “In my research,” he noted, “companies lose about 9–10% of their market value after a data breach. Even after recovery, stock prices remain approximately 2% lower than their expected trajectory.”

When investors have access to such data, they begin to see cybersecurity as insurance protecting their investments. They not only recognize potential losses but also understand how to "buy" that insurance to safeguard their assets.

Leadership-Driven Security Advocacy
Security recommendations often come from junior staff or contractors, and they may be overlooked. For example, an employee may receive a lengthy guide summarizing basic rules such as not sharing passwords, sign it, and move on without internalizing the message.

Guidance is more impactful when delivered by top management. Executives should assume responsibility for security, acting as role models and ensuring that managers cascade these principles throughout the organization.

Legal Literacy
IT professionals should gain basic knowledge of laws relevant to their work, such as copyright and data protection regulations. Even a foundational understanding of legal aspects can suffice, and tools like ChatGPT can provide concise explanations to fill knowledge gaps.

Staffing Shortages: Challenges

Participants identified a significant generational gap. Specialists with over 10 years of experience are often highly focused in specific areas, such as Oracle EBS or Fusion. They are less inclined to explore emerging technologies like artificial intelligence or machine learning, instead deepening their expertise in their established fields. While young professionals are familiar with the latest technology trends, they often lack the enterprise-level experience required for large-scale implementations.

Talent Mobility also presents challenges. Mukesh Jain, CIO at St. Jude India ChildCare Centres, highlighted that young professionals are reluctant to relocate to the Middle East and North Africa (MENA), favoring opportunities in the U.S. or Europe. This creates a talent shortage in a region with high demand for digital transformation projects, including AI and cybersecurity.

Staffing Shortages: Solutions

Bridging the Generational Gap following measures could be taken. Encourage experienced professionals to learn new technologies, motivating them to expand their expertise into emerging fields. At the same time could be useful to create mentorship platforms for younger professionals to gain support and guidance from senior colleagues.

Maintaining diverse technology stacks (e.g., Voodoo or Oracle) strains IT teams due to a lack of specialized talent. Collaborative partnerships with vendors can reduce internal dependency by aligning long-term goals and sharing the operational burden.

Expanding the talent pool could be reached by partnership with local universities to attract graduates and to leverage remote work models to access global talent. However, the effectiveness of remote teams depends on resource availability and specific country conditions.

IT Budget: hard simplicity.

Budget allocation is typically driven by critical business needs directly linked to revenue growth, acknowledged the participants. Initiatives like version upgrades, environment changes, or cybersecurity investments often remain neglected until a significant incident—such as a security breach—underscores their necessity.

Challenges are well known: limited budgets make it difficult to hire skilled professionals with the required expertise. Competing demands from HR, operations, and finance require prioritization, often leaving only 2–3 out of 10 key initiatives funded. The remainder is deferred to the next quarter or year. 

Conclusion

The session highlighted the urgent need for strategic approaches to address challenges in cybersecurity, staffing shortages, and IT budget allocation. Leadership-driven advocacy, data-driven decision-making, and collaboration with educational institutions and vendors are vital steps toward overcoming these obstacles.