Technology Talent Talk: Foundational Technology Officers in Southeast Asia

In this three-part series on technology talent, Russell Reynolds Associates takes a deeper look at the executive ranks of the region’s top companies to gauge commitment to this movement. 

It’s increasingly clear that technology is – or should be – at the heart of every modern business model. To better understand how this trend is playing out in Southeast Asia, we examined the top ten listed companies by market capitalization for Singapore, Malaysia, Indonesia, Thailand and Vietnam – the five countries that account for about three-quarters of Southeast Asia’s GDP.¹

As an indicator of corporate commitment to various technology efforts, we charted the prevalence of three types of senior technology roles as well as associated career paths: 

1. Foundational Technology Officers: Chief Information Officer (CIO) and Chief Information Security Officer (CISO)
2. Enabling Technology Officers: Chief Technology Officer (CTO) and Chief Digital Officer (CDO)
3. Disruptive Technologies Officers: Titles vary; key mandates include AI, IoT, and big data.

Here, we look specifically at the prevalence and career paths of leaders in the first category, the CIO and CISO.

Talent Insights

CIOs and CISOs are responsible for developing and implementing the foundational technology layer that forms the bedrock for more advanced technologies. 

The CIO is generally an internally-focused executive who is charged with managing the IT infrastructure. CIOs keep IT strategy, operational efficiency and performance reliability in mind to ensure uptime of the mission-critical IT systems that support company operations. The role is in the midst of transformation with the advent of cloud, platforms and software as a service (PaaS/SaaS). 

In addition to CIOs, many global companies are also hiring CISOs as information security increasingly becomes top of mind due to regulatory requirements and heightened threats. A CISO’s responsibilities include IT security, but also cover data privacy and compliance. A primary goal for this role is to mitigate the risks associated with insecure information, including financial, legal and reputational costs. 

Our research finds that companies in Southeast Asia are more likely to have a CIO than a CISO, in keeping with global trends -- yet overall, they are less likely to have either role compared with companies in other geographies. 

Across the region, 54 percent of companies have a CIO, compared to a 96 percent global average. This relatively low average is in part due to a high degree of disparity across countries. Companies in Malaysia, Indonesia and Singapore are more likely to have such talent in place, while companies in Vietnam and Thailand are still playing catch-up. When companies lack a dedicated CIO, the IT function is often integrated with a non-technology function and led by a Technology & Operations Officer.

Telecommunications and financial services have the highest proportion of CIOs and CISOs.

On the information security front, nearly all Southeast Asian companies have a long way to go, as few have made significant investments in this domain. There is scant difference in the prevalence of CISOs in the region, and the 10 percent average for Southeast Asia stands in stark contrast to the global average of 49 percent. 

Taking an industry view, telecommunications and financial services companies have the highest proportion of CIOs and CISOs, at 80 percent and 67 percent respectively, due to their heavier compliance requirements, followed by consumer products companies, which have been disrupted by digital and e-commerce.

CIO and CISO Career Paths

Southeast Asia’s CIOs and CISOs tend to have deep experience, though often eclectic career paths.

Looking Ahead

Building a best-in-class technology function requires a patient and long term-oriented view towards implementing IT solutions and changing organizational culture. One way to enable success is to promote longer tenures among CIOs. Currently, the average CIO tenure in Southeast Asia is slightly below the 5-year global average noted in a recent EY report on CIOs, and shorter than the recommended 7 years.³

These relatively short tenures are due to two factors. Some companies are in the early days of building up their technology function and need to retain current leaders to mature it, instead of swapping leaders frequently. Others are more advanced, but face high turnover rates. 

In either case, CEOs will have to consider how they create more conducive environments for long-term IT stewardship. CEOs will have to consider the autonomy, resources and opportunities provided to CIOs, and likely offer them a bigger voice in executive decisions. 

On the CISO front, the time is ripe for Southeast Asian companies to think more carefully about hiring an executive dedicated to the security function. Many companies have made significant investments into their fundamental IT infrastructure. As IT, digital and data infrastructure grows in scale and complexity alongside increased compliance and privacy requirements, topnotch information security technology and talent will become baseline requirements as well. 

Across both CIOs and CISOs, as companies become more attuned to new technologies such as e-commerce, the demand for suitable individuals – or those with the potential to step up – will inevitably increase. Retaining existing talent will be as important as recruiting new ones. Looking ahead, it is worthwhile for companies to put well-structured retention plans in place now, before the competition for talent intensifies.

Footnotes

1. JP Morgan. “ASEAN’s bright future: Growth opportunities for corporates in the ASEAN region.” https://www.jpmorgan.com/country/US/EN/cib/investment-banking/trade-asean-future
2. Russell Reynolds Associates. “Inside the Mind of the CTO”. http://www.russellreynolds.com/insights/thought-leadership/inside-the-mind-of-the-cto
3. EY. “The DNA of the CIO.” https://www.ey.com/gl/en/services/advisory/the-dna-of-the-cio