IBM Center for Applied Insights
Just like our State of Smart research has shown that outperforming organizations listen (and anticipate), Amgen CEO Kevin Sharer shows us that listening is no less important for leaders. Interestingly enough, this was something he picked up from Sam Palmisano. Sharer points out that listening with the sole goal of understanding or comprehension, is the greatest sign of respect you can extend to others. As a leader within your organization, do you listen with the sole goal of understanding? And perhaps more importantly, does your company listen to its customers with that same mindset?
Ellen Cornillon 110000K9SX email@example.com Tags:  cai thought-leadership leadership 874 Visits
Client Insights, Consultant
IBM Center for Applied Insights
The CAI team have spent some time recently musing on the meaning of “thought leadership” – how do you define it and what makes good thought leadership. These may seem like obvious questions but, in my experience, as the amount of content multiplies (web commentary, blogs, social media, and so on), many people are unclear about what is distinctive about thought leadership. Our discussion highlighted some interesting points.
Firstly, there is a hazy line between thought leadership and marketing material. Thought leadership uses fact-based research to analyze a topical client issue and uses this to propose client action. Marketing material, on the other hand, uses assertion to argue the case for a supplier’s products and services. Both have their place. A potential customer would expect to find detail of products and services when accessing suppliers’ websites and point-of-view documents can provide a persuasive case to buy. Effective thought leadership, though, can offer something a little different. It can entice a potential client in, change their perspective on an issue, and increase their levels of trust and confidence in their supplier. It is for this reason that thought leadership features so prominently on the websites of all major IT systems & service providers.
So what makes effective thought leadership? I recently carried out a scan of a number of IT providers websites and the quality varies hugely. The best included several thought provoking articles which were easily accessible, thoroughly researched, and well presented. They made a compelling case for actions which clearly aligned closely with the strategic direction of the supplier. The worst were short opinion pieces which demonstrated a poor appreciation of market dynamics. In determining what makes effective thought leadership I use four categories (borrowing considerably from the analysis carried out by source for consulting.com):
Credible research: This means sufficient depth and breadth of data collection (perhaps using a customer survey) plus analysis which has rigour, yet can be understood by the reader.
Client appeal: It must draw the client in – to pick up the report/article and to carry on reading. To do this it must tackle an issue of immediate client interest and be written from the clients’ point of view, offering practical recommendations and demonstrating outcomes.
Distinctive: It must say something new, different which makes a difference (i.e. it qualifies as newsworthy).
Effective messaging: It must draw the reader almost subliminally to a set of messages which are aligned to the suppliers’ agenda. It this is done too obviously, the research and analysis loses credibility.
DAVID JARVIS 1000007UE6 firstname.lastname@example.org Tags:  security_leader erm leaders security ciso information_security leadership 1,598 Visits
Client Insights, Senior Consultant
Center for Applied Insights
Some things are bad to do by committee, creating a work of art, cooking dinner, closing a baseball game – and sometimes committees are a necessity. Security and risk committees are an essential part of any enterprise’s security and risk management infrastructure. They are a sign of a mature organization. By promoting collaboration across the enterprise and making security and the associated risk discussions an integral part of senior leadership’s responsibilities, the enterprise can be better protected. Yet, even though the benefits are clear, not enough enterprises have one.
A study released last week by the Carnegie Mellon CyLab, looking at privacy and security governance in the Forbes Global 2000, reported that boards and senior leadership still are not exercising appropriate governance over the privacy and security of their digital assets. The study stated that there is still a significant gap in understanding around the fact that security, privacy and IT risk are all a part of enterprise risk management.
The study did note one encouraging sign – that more and more enterprises have cross-functional privacy/security committees – 70% of 2012 respondents versus 17% in 2008. These committees can act as a bridge to boards and senior leadership and elevate the discussion around security and risk, potentially closing the governance gap.
These findings line up very nicely with what we recently uncovered as part of our 2012 CISO Assessment. Overall, only 49% of the total sample reported that they had a security or risk committee. When we delved deeper, 68% of the most mature group of organizations, Influencers, had a security/risk committee. In comparison, only 26% of the least confident and mature group, Responders, had one.
What was interesting was, regardless of the organization’s overall security maturity level, if they had a security or risk committee they shared similar characteristics. In general, leaders of the committees tended to be Senior IT Executives (28%), CISOs (24%) or Senior Business Executives (22%). These committees met on a fairly regular basis, with 48% meeting quarterly and 27% meeting monthly.
The security and risk committees also took a comprehensive, enterprise-wide approach with both business and IT representation. From the business side, the most represented functions included Compliance (80%), Legal (65%), Business Executives (64%), Business Operations (64%), and Finance (59%). From the IT side, IT Executives (91%), IT Operations (72%), Network Operations (60%), and Data Governance (51%) were all a part of a majority of the committees.
Finally, as part of the CISO Assessment we looked at the primary objectives of the security/risk committees. Looking at the chart below we can see that, based on their top two choices, most committees were primarily focused on developing enterprise security strategy and developing action plans and recommendations. So should committees only be focused on strategic policy and governance issues? Is there more they could be doing?
At IBM, our risk management team meets quarterly with a top advisory committee, including senior vice presidents of all the business units, who report directly to the CEO. These include the leaders of many functional areas including finance, marketing, technology and others. Each of these executives must understand the security risks to his or her unit and what controls are in place. Together, they shape and decide strategy. Security, after all, is intimately tied not only to their units, but to the future of the enterprise.
Based on all this information, I think that enterprises are using security and risk committees more and more and they are adopting best practices around the leaders, members, operations, and goals of those committees. To make the next step:
Susanne Hupfer 2700006BQ0 Susanne_Hupfer@us.ibm.com Tags:  strategic tech-trends pacesetters ibmcai social cloud-computing developerworks business-analytics mobile leadership mobile-computing social-business cloud emerging-technologies 1,929 Visits
Consultant, IBM Center for Applied Insights
IBM just released the results of its 2012 Tech Trends study, revealing a number of interesting insights.
The study explores how enterprises are responding to the opportunities and risks introduced by new technologies. This year, we surveyed over 1,200 IT and business decision makers to determine why, when, and how their organizations adopt four pivotal emerging technologies – mobile, analytics, cloud and social business technologies – that are rapidly reshaping how enterprises operate.
Are you in the lead, or is your organization falling behind? You can use the adoption and investment statistics we discovered to help you assess where your organization stands:
Business Analytics and Mobile Computing are already quite mainstream, with over 50% of respondents deploying. Cloud Computing and Social Business represent a coming wave, with 40% either already piloting the technologies, or planning to adopt them within two years. Moreover, planned investment levels in the four technologies over the next two years indicate that all are moving full steam ahead: 55% or more of respondents plan to increase investment in Mobile, Cloud, and Business Analytics, and 43% plan to increase their investment in Social Business. You can click on the following infographic to take a deeper dive:
Despite the foothold of these technologies and the enthusiastic investment landscape, the report cites critical IT skill gaps that threaten to slam on the brakes just as organizations are hoping to leverage these technologies for their strategic advantage:
We also surveyed about 700 educators and students about these technology areas, and according to their responses, the skill gap is poised to get even worse:
Security also continues to be a major concern. In fact, Security is rated as the #1 barrier to adoption for mobile, cloud and social business, and the #2 barrier to adoption for business analytics.
What can you learn from those making the most progress applying these technologies for strategic advantage?
We asked respondents to rate the four emerging technologies’ importance to their businesses and also to rate their enterprises’ pace of adoption relative to competitors. We identified an elite group of Pacesetters who are forging ahead faster than others – despite the adoption hurdles – and who are using emerging technologies in more strategic ways.
If you want to get your organization onto the technology fast track (or keep it there), there are a number of interesting lessons you can take from the Pacesetters. We found that Pacesetters are more likely to exhibit three distinguishing traits that help them capitalize on the potential of mobile, analytics, cloud and social technologies. They are:
So, how are Pacesetters managing to stay ahead of the competition? As it turns out, they’re very experimental in their approach to developing IT skills. Rather than wait until there’s clear business demand for new skills, Pacesetters start building skills ahead of time: they are nine times more likely to experiment with technologies that don’t yet have a clear business application, and twice as likely to proactively develop skills to meet anticipated needs.
To learn more about the study results and how you can follow the pacesetters’ lead in technology adoption, you can check out the complete IBM 2012 Tech Trends report and a variety of other resources.
Don't miss the paper's list of concrete recommendations for becoming Pacesetters. We invite you to join in the discussion and let us know what you think about the study and its recommendations!