CIO of the Week, Anshul Srivastav, Union Insurance
A leader with major operating tenets such as driving technology transformation through thought leadership, design thinking, innovation, analytics & delivering value to stakeholders. Anshul is a global technology leader and change practitioner who has been instrumental in driving technology transformations for businesses in the multi Billion USD revenues range.
His experience has been around taking up strategic technology initiatives, architecting, delivering and managing it them at an enterprise level.
Anshul has several notable career accomplishments, wherein he has led, created and launched the key Artificial Intelligence, Blockchain, Cloud, ecommerce, mobile and business intelligence initiatives for various Financial Institutions around the world.
Currently in a leadership role as Chief Information Officer Information Technology and Digital Officer in Dubai, leading the IT Strategy, Technology Transformations, Analytics, software delivery, architecture and Cloud for Union Insurance (UAE, Oman and Bahrain) across all lines of Business (Life, General (P&C) and Health Insurance). Creating and Driving big strategic Initiatives aligning IT transformation to deliver business value. Major Cloud transformations impacted the bottom line of Union by multimillion AED in the first year. Transformation on Digital added multimillion revenues in Life, P&C and Health lines of business.
Machine Learning and Robotic Process Automation are some key business transformations implemented recently.
As a Transformational leader and Senior Management IT professional, with almost two decades of experience spreading across multiple geographies (US, Europe, South East Asia and Middle East) Anshul has built & led local, regional, and global teams across 3 continents, capitalizing on opportunities to drive revenues, profits, and growth. Strong P&L management.
Anshul has been mentoring startup, incubators/accelerators and management students across south east Asia, Europe, India and Middle East since 2012. Incubators/ Accelerators like Satoshi Studios, Astro Labs Dubai, T Labs, CH9, Flat6 labs and many incubators. Startups mentored are in the tech space of analytics, Artificial Intelligence, Blockchain, mobility, payments and remittances, tech based micro finance, healthcare tech and analytics, and tech based retail merchandising, logistics and mobile wallets.
Anshul is a keynote speaker on Blockchain, Internet of Things (IoT), Cloud, Artificial Intelligence, Machine and Deep Learning, Digital Transformation, Fintech, RegTech, Insuretech, Cloud and Mobility.
CIO of the year award, InfoSec Maestro Award, CSO Next of the year award.
CISO award from MESA Dubai.
CIO award from CNME Dubai.
Won couple of Star Performer of the Year Awards from AXA India & AXA Asia. Has been awarded the AXA innovation award both at AXA Asia and AXA Group level on three ocassions.
Anshul writes on Design Thinking, Innovation, Big Data, Technology Transformations, Blockchain, Cloud, Artificial Intelligence and several of articles are published in CNME, Innovation and Tech Middle East, Data quest, LinkedIn and PM Network.
Are there any common business roadblocks that prevent security practices from being implemented?
Yes, of course there are business roadblocks that might prevent security practices from being implemented.
If you do not mind, I will split the answer in two parts, one at the strategic level and the other one at the operational level.
At the strategic level there must be a strategy roadmap chartered out covering physical security, IT security, information security and cybersecurity strategy and this should determine the practices. Risk management has to be defined at an organisation level. Security policies are getting implemented without connection to business strategy and thus becomes more difficult
If a strong CISO or a CIO who sits on a board works with the CISO and translates the security strategy to the business impact language to prevent an organization being exposed to the various security breaches which can happen and monetary value/s of the breach then definitely these potential roadblocks can be cleared out.
With regards to the operational level, once the strategy is there, it should flow through communication across the organization to the last mile and the business should not resist those practices. There have to be some finalization mechanism in case there is a roadblock in order to address it according to governance policies and security requirements.
For security executives who don’t have a strong relationship with the board, how can they improve it?
Security executives have been classically away from the business. Historically, security executives have been in isolation working on controlling the organization’s typical security policies, building them and just getting them implemented instead of focusing on how a security executive can actually help the business to move faster. During recent years, with increasing competition and emerging from nowhere, new channels, new disruptors arising on a daily basis, the typical behaviour has been to propose security products or services across the organizations, asking for investment to mitigate specific types of breaches but sometimes they have been unable to derive the business value coming from these technologies. This approach becomes a serious pain when trying to achieve a cordial relationship with the board. The board will require for a return on investment and business value of whatever had to be implemented across the organization. There is also the risk of the board not paying attention to this type of security executive.
Security executives should understand the business, work closely with the board, understand their expectations, communicate heavily with the CIO, CEO to actually make themselves a tangible presence within that particular organization.
Security executives could not be only involved in operations, they actually have to be attached to the business strategy. They should act as an army protecting the borders of the organization and deriving value. To build a strong relationship with the board you need to show the business value, the end customer satisfaction and to guarantee that this is a secure organization.
What advice do you have for security leaders?
Security leaders should be data hungry leaders. A data hungry leader should have all the tools and techniques to actually understand the evolving landscape within the organization and outside the organization and build tons of intelligence around it. They should leverage some kind of data science capabilities to predict threats. A data hungry security leader can actually map what the in-coming market is, how it is evolving, and map the current requirements of the organization that the security leader belongs to. This is the data part. Build Security-as-a-Service.
The second part is the culture.
Security leaders can and should build a culture within the organization and outside the organization including partners, providers, third parties, customers, support services…
Nowadays every organization is available anytime, anywhere. You have 24/7 vulnerability.
If the security leader creates the right culture, everyone will take his or her responsibility and assure that the organization is really and completely secure anytime, anywhere.
What unique challenges does the financial industry face?
The financial services industry is currently facing continuous attacks through DDoS, Ransomware, Malware, APTs, IP hijacking, you name it.
Moreover, financial services are now available anytime, anywhere on IoT, Blockchain, digital channels, mobile exposing the financial services industry to a lot of serious attacks, difficult to monitor and manage.
My way of looking at these challenges is to understand the overall technology landscape being rolled out.
You should work with people who can give you managed services, for example on threat intelligence, to assure that you have all the possible intelligence available with the regards to how the ecosystem of people is behaving, to guarantee that you have all possible intelligence available, just like an army. You have to be smarter than the potential attackers, leverage data and rely on people who have all this intelligence.
How can CISOs balance security and innovation?
I believe all innovation and disruptions have an attachment of potential threats and security issues, especially for technological innovation. CISOs must build a framework of business innovation and the security flavours attached to it, adopt an approach which balances security and innovation helping business innovate in a more agile way, supporting the business in terms of innovation and attaching the security flavours to it.
You can’t stop innovation coming in and happening. There is a market that is trying to disrupt your business and you need to keep up with innovation.
The CISO has to have good intelligence and data to understand trends and should add the flavour of security in supporting the business.
Could you offer some advice on how can CISOs and CIOs work together?
I think a CISO should report to the CIO as CIOs are driving a lot of technology strategy.
CISOs should work towards the execution of that technology strategy, addressing not only information security strategy or IT security or cybersecurity strategy but also working with various risk elements on the organization coming out of the technology roadmap.
CISO should be given power to generate large amounts of data to extract the intelligence needed and continuously working with CIOs in executing that intelligence.
CISO have to be highly overprotective and they can only achieve this goal leveraging data and generating intelligence on that data and continuously communicating that intelligence across the organization and to the people they are reporting to, whether it is a CIO or the CEO or the Board.
CISOs must protect the companies, the customers, partners, employees, the board and assure that they are safe and secure.
The more protected they are, the better placed the organization will be to innovate and to go to the next level.
Build a team of people who are into ethical ways of doing business and are hungry for data, helping build a good intelligence with a proactive approach towards any incident instead of a reactive approach.