Innovation Without Protection: Why CDOs and CISOs Must Now Lead Together

The recent cybersecurity incident at Qantas, involving the personal data of up to 6 million customers, is a sobering reminder that no amount of digital innovation can compensate for weak security foundations. As organisations race to deploy AI, data platforms, and advanced analytics, cybersecurity teams are often left playing catch-up — firefighting breaches rather than proactively shaping the digital ecosystem.

It’s time for a grand collaboration between two critical functions: the Chief Information Security Officer (CISO) and the Chief Data Officer (CDO).

While the recent cybersecurity breach at Qantas reportedly stemmed from a third-party customer platform, the broader implications reach into the heart of how organisations govern and protect data. It’s a wake-up call for leaders in both the data and cybersecurity domains.

The biggest risk to your data strategy isn’t technical—it’s structural misalignment. - Jo Chidwala


Misalignment between Cyber and Data teams

A House Divided: Innovation Without Protection

In many organisations, the Chief Data Officer (CDO) is tasked with driving innovation—building platforms, enabling analytics, and operationalising artificial intelligence. Simultaneously, the Chief Information Security Officer (CISO) is charged with mitigating risk, protecting systems, and ensuring compliance.

But here’s the problem: these two critical functions often operate in parallel, not in partnership.

This structural separation can produce damaging misalignments:

  • Data initiatives move at pace, often without a foundational focus on security-by-design.
  • Cyber teams are brought in too late, forced into reactive mode rather than shaping secure architectures up front.
  • Foundational activities such as data classification, access control, and vulnerability management are viewed as blockers to innovation rather than enablers of trust.

When cyber is treated as a compliance box and data is treated as a shiny new toy, neither delivers lasting value.        

Five Recommendations For Strong Cyber-Data Collaboration

To truly protect data at scale, organisations must do more than tighten controls. They must rethink the operating model between the CDO and CISO functions. Below are five evidence-backed recommendations:

1. Form a Joint Cyber-Data Governance Council

Break down silos by establishing a cross-functional council co-led by the CISO and CDO. This group should meet regularly to evaluate risks and opportunities associated with new data initiatives. The goal: balance innovation with resilience at the strategic level.

Shared governance ensures no digital product is built in a vacuum.        

2. Integrate Security Expertise Into Data Product Squads

Security must be embedded—not appended. Assign cybersecurity architects to work within agile data teams, ensuring that every step from ingestion to insight incorporates secure design patterns.

Embedding cyber into data teams transforms security from a gatekeeper into a co-creator.        

3. Redefine Roles and Incentives Across Both Domains

Update performance metrics for data leaders to include risk reduction and compliance metrics—not just model delivery and data platform adoption. Similarly, cyber leaders must adopt agile mindsets to support iterative delivery without compromising control.

Aligning KPIs across teams drives shared accountability for secure innovation.        

4. Shift Investment Toward Data Security Fundamentals

Before chasing the next AI model, invest in foundational capabilities:

  • Up-to-date data inventories
  • Automated classification of sensitive information
  • Role-based access and encryption
  • Vulnerability assessments within data pipelines

Innovation is only as strong as the security of the infrastructure it runs on.        

5. Develop a Unified Cyber-Data Risk and Value Dashboard

Create a shared analytics dashboard to track performance across both domains. Key metrics may include:

  • % of data assets with active classification
  • Number of open vulnerabilities in data systems
  • Mean time to detect and remediate security issues
  • Usage of sensitive data in downstream analytics
  • Regulatory compliance status across jurisdictions

A shared dashboard brings visibility to what matters most: trust, risk, and value.


Beyond Compliance: Building Digital Trust

The Qantas breach will not be the last. But for forward-thinking enterprises, it can be the catalyst for change. Cybersecurity must evolve from a policing function into a strategic partner. Likewise, data functions must embrace accountability not just for innovation, but for data integrity, protection, and ethical use.

This is not merely an IT issue. It’s an executive one.

When the CDO and CISO move in lockstep, the organisation unlocks more than data. It earns trust. - Jo Chidwala

About the Author: Jo Chidwala is a data and digital strategy leader with deep expertise in AI and enterprise transformation. He works at the intersection of business strategy, data innovation and operational excellence.

Rob McGowan

President @ R3 | Robust IT Infrastructures for Scaling Enterprises | Leading a $100M IT Revolution | Follow for Innovative IT Solutions 🎯

2mo

I really, really don't like seeing airlines getting breached. The dangers are palpable Jo Chidwala
