CIO Priorities 2022

Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

2022 Tech Trends Survey CIO Demographic N=123

Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

2022 IT Talent Trends Survey CIO Demographic N=44

Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

Build IT alignment

IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

Assess your IT processes

The CIO priorities are informed by Info-Tech’s trends research reports and surveys

Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

Visit Info-Tech’s Trends & Priorities Research Center

The Five Priorities

Priorities to compete in the digital economy

1. Reduce Friction in the Hybrid Operating Model
2. Improve Your Ransomware Readiness
3. Support an Employee-Centric Retention Strategy
4. Design an Automation Platform
5. Prepare to Report on New Environmental, Social, and Governance Metrics

Reduce friction in the hybrid operating model

Priority 01 | APO07 Human Resources Management

Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

Hybrid work is here to stay

CIOs must deal with new pain points related to friction of collaboration

In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

Most popular technologies already invested in to facilitate better collaboration

• 24% Web Conferencing
• 23% Instant Messaging
• 20% Document Collaboration

In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

• Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
• Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
• Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

Elizabeth Clark CIO, Harvard Business School "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

Listen to the Tech Insights podcast:
Frictionless hybrid working: How the Harvard Business School did it

Internal interpretation: Harvard Business School

• March 2020

  The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.

• May 2020

  A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.

• October 2020

  Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.

• September 2021

  Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.

• November 2021

  HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

Implications: Organization, Process, Technology

External

• Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
• Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
• Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

Internal

• Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
• Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
• Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

Resources Applied

Appetite for Technology

CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

Intent to Invest

Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

“We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

Harvard Business School

• IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
• The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
• Employees were hired to the media services team at a time when other areas of the organization were frozen.

Outcomes at Harvard Business School

The new normal at Harvard Business School

New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

From Priorities to Action

Make hybrid collaboration a joy

Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

“We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

Take the next step

Run Better Meetings
Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

Prepare People Leaders for the Hybrid Work Environment
Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

Hoteling and Hot-Desking: A Primer
What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

“Human Resources Management” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

Improve your ransomware readiness

Priority 02 | APO13 Security Strategy

Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

The ransomware crisis threatens every organization

Prevention alone won’t be enough against the forces behind ransomware.

Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

Most popular ways for organizations to prepare for the event of a successful ransomware attack:

• 25% Created offline backups
• 18% Purchased cyberinsurance
• 19% New tech to eradicate ransomware

Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

CIOs can plan to mitigate ransomware attacks in several constructive ways:

• Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
• Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
• Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

John Doe CIO, mid-sized manufacturing firm in the US "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

Listen to the Tech Insights podcast:
Close call with ransomware: a CIO recounts a near security nightmare

Internal interpretation: US-based, mid-sized manufacturing firm

• May 1, 2021

  A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.

• May 2, 2021

  The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.

• May 4, 2021

  The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.

• May 10, 2021

  The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.

• November 2021

  The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

“Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

Implications: Organization, Process, Technology

External

• Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
• Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
• Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

Internal

• Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
• Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
• Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

Resources Applied

Consider the Alternative

Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

Ask for ID

Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

“You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

“The Firm” (Mid-Sized Manufacturer)

• During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
• New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
• One more full-time employee on the security team.
• Doubled investment in security in 2021 and will spend more in 2022.