The CIO Perspective: Why CIOs are now the ultimate risk officers

As digital threats grow more sophisticated and pervasive, CIOs are stepping into a role far beyond traditional technology stewardship: they are becoming the ultimate risk officers.

Through our advisory work with boards, CEOs and investors, we’ve seen this firsthand.

As executive search professionals, we’re no longer just evaluating operational capability; we are also assessing a leader’s ability to anticipate, influence and defend the organisation at scale.

To understand how South African CIOs are navigating this complex landscape, we spoke with technology leaders across a variety of industries. 

Their insights reveal a pressing reality: cybersecurity is now a top strategic priority, demanding a new blend of technical expertise, business acumen and leadership agility.

From technologists to strategic guardians

Traditionally focused on operational excellence, CIOs are now expected to drive cyber strategy at the board level, often in the absence of a dedicated CISO. In these cases, they become the principal voice on digital risk, translating complex threats into actionable business decisions while balancing innovation and growth. Alec Davis, CIO of Growthpoint, captures the sentiment. 

Derek Wilcocks of Discovery points to the growing pressure of “balancing speed with disaster avoidance”, alongside growing compliance burdens while Eugene van der Merwe (AVI Ltd) underscores that “constant vigilance” is now a baseline expectation for technology leaders.

Insight: In many organisations, particularly where there is no dedicated CISO, the CIO becomes the de facto Chief Security Officer. But even where the CISO role exists, the modern CIO must operate at the intersection of technology and enterprise risk. Organisations should assess whether their technology leaders have the strategic fluency to align cybersecurity with business objectives - not just the technical skills to defend against attacks. 

The expanding threat landscape

The challenge is magnified by AI-driven threats, shadow IT, increasingly fragmented regulation and third-party risk. CIOs such as Jörg Fischer (Standard Bank) and Kim Sim (Mr Price Group) emphasise concerns around inadvertent data exposure, AI-generated threats and the need for real-time threat intelligence. It’s no longer about building fences; it’s about anticipating attack vectors before they’re even visible.

To stay ahead, leading organisations are investing in:

Next-Generation cybersecurity innovations

• Autonomous incident response: AI/ML-driven detection, triage and response systems that minimise dwell time and reliance on manual intervention.
• Zero trust architecture: Trust no one, verify everything. Continuous authentication and micro-segmentation are becoming non-negotiables.
• Next-Gen Cloud workload protection: Unified controls across container, serverless and hybrid cloud environments.
• Advanced anti-ransomware: Behavioural threat detection, automatic containment and fast-track recovery tools.
• Password-less authentication: Biometric and device-based logins to reduce credential compromise.

Yet technology alone is not enough. The real differentiator is leadership.

Insight: Cyber resilience requires more than tools: it demands a leadership mindset that prioritises proactive risk management. CIOs must ensure cybersecurity investments align with business priorities and are communicated effectively to stakeholders.

What’s often overlooked?

Many organisations focus on technical defences but miss critical leadership and operational gaps:

• Board fluency: Can the CIO translate cybersecurity risks in business terms that boards can understand and act on?
• Third-Party risk strategy: Breaches often originate in the supply chain from vendors and ecosystem partners. CIOs must think beyond the enterprise perimeter.
• Cyber talent bench strength: A leader is only as effective as their team. Building diverse, resilient and well-resourced cyber teams is becoming an essential part of the CIO mandate.
• Security as an enabler: The best CIOs position cybersecurity as a competitive advantage, not just a compliance hurdle.  

Insight: A holistic cyber strategy integrates technology, talent and governance. CIOs should work closely with HR to build diverse, skilled teams and with the board to ensure risk oversight is embedded at the highest level.

Best practices for cyber-ready leadership

• Proactive planning: Embed cybersecurity early in digital initiatives, not as an afterthought.
• Transparent communication: From security posture to incident response, visibility builds trust.
• Inclusive talent strategy: Bring in diverse voices and cross-disciplinary skills to combat asymmetric threats.
• Continuous learning: Cyber risks are evolving rapidly, leadership development must keep pace.
• Embedded collaboration: Break down silos by integrating security into product, finance, legal and operations teams.

Insight: The most effective CIOs combine technical depth with strategic influence. Organisations should prioritise leadership attributes such as resilience, stakeholder engagement and business alignment, when assessing their technology executives.

The CIO as Chief Risk Strategist

The role of the CIO has fundamentally shifted. No longer just custodians of infrastructure, they are now pivotal in safeguarding organisational resilience and reputation. As cyber threats grow in scale and sophistication, the ability to lead through risk will separate high-performing CIOs from the rest.

Odgers recommends:

• Elevate cyber to a strategic priority – Ensure cybersecurity is a board-level discussion, led by the CIO.
• Assess leadership readiness – Does your CIO have the influence and fluency to drive cyber strategy?
• Invest in talent and tools – Build a team that blends technical expertise with business acumen.
• Foster cross-functional collaboration – Security cannot operate in isolation; embed it across the enterprise.

By embracing this expanded mandate, CIOs can transform cybersecurity from a defensive necessity into a strategic advantage this protecting the business today while enabling its growth tomorrow.

How Odgers can assist

Whether you need to evolve your CIO role, appoint a CISO or strengthen your digital risk team, contact us today to discuss our tailored approach to ensure your leadership strategy is robust and forward-looking.