6. June 2024

The CDO as a Security Stakeholder: Why Digital Responsibility Doesn’t End with IT

CDOs drive transformation. But with every digital initiative, the attack surface grows. The CDO builds what the CISO must protect. Why both roles need to collaborate and why the CDO should embrace security as part of their responsibility.

TL;DR

  • Every digital initiative increases the attack surface
  • 68 percent of companies lack CDO-CISO exchange
  • Security by Design costs 10 percent upfront – retrofitting costs 300 percent
  • NIS2 makes executives personally liable

The Blind Spot

No board report measures the “attack surface of implemented systems.” Projects are prioritized based on business value, with security as an afterthought.

CDO and CISO as Allies

Every project over 50,000 Euro gets a security checkpoint before go-live. Not as a veto, but as a quality gate.

What NIS2 Means for the CDO

Personal liability for executives. Fines up to 10 million Euro. A CDO who introduces insecure systems is personally liable.

Conclusion

Digitalization without security is negligent. The synthesis is the core competency of the modern CDO.

Key Facts

CDO-CISO Gap: 68 percent lack regular exchange (McKinsey, 2024).

Cost of Delay: Retrofitted security costs 6.5 times more (IBM).

Frequently Asked Questions

Should the CDO attend security meetings?

Yes – at least a monthly sync.

Should security be a CDO KPI?

Proportion of projects with review, MTTR, DPIA coverage (DSFA, the data protection impact assessment).

NIS2 and CDO liability?

In cases of proven negligence: a real scenario.

Alec Chizhik

A magazine by Evernine Media GmbH