CIO Priorities

Analyst Perspective

Brian Jackson

Principal Research Director,
Special Projects,
Info-Tech Research Group

The leap to IT’s future is guided by the lessons of its past

In my Tech Trends 2026 report published in October, we challenged IT leaders to make the leap from now to next by adapting to a new role with a focus on building resilience in the face of uncertainty and unlocking capabilities from emerging technologies. But with the future so uncertain and technology changing so rapidly that tomorrow is unrecognizable, what does “next" mean for the CIO?

The exact definition of the role may be murky, but the core focus is clear – providing business value. Your father's IT department that propped up infrastructure, responded to service desk tickets, and received requirements from the business as they procured vendor solutions will be lore. The key to success for CIOs in the future will be answering the same question enterprises are asking of their AI investments heading into 2026 – where's the value?

It is popular lately to cite MIT’s study “The GenAI Divide: State of AI in Business 2025” and its headline finding that 95% of all AI pilot programs fail to deliver a measurable impact on P&L. The implication taken is that AI is all hype, with the narrative dominated by vendors who are pushing its adoption like enterprise snake oil. But dig deeper than the headline and you'll find some familiar insights that digital transformation veterans will recognize. First, the study also found that AI startups were the most likely to see revenues surge. You might call these startups “AI native" in the same way we saw “digital native" startups break through in the market in the early 2000s. AI is a transformative technology, and the easiest organization to transform is a greenfield one. Entrepreneurs can design around the emergent capabilities to maximize their value, while larger organizations with the weight of their legacy must commit to changing their ways process by process.

Another finding from MIT is that organizations that purchased AI tools from specialized vendors or through partnerships succeed two-thirds of the time. Savvy technology leaders know it's difficult to chase something that is not your core competency and do it well. It's why digital transformation saw IT abstract away the lion's share of infrastructure management and software design for the business.

It's why even the tech giants are making alliances with AI-native firms to power their capabilities in this area. Finally, the report acknowledges the rampant employee use of “shadow AI," or unsanctioned tools, and the inability to properly measure AI's impact on productivity and profits.

So, the message isn't that AI doesn't provide value. It's that to unlock the value, we need to orchestrate our strategy and operating models around its new capabilities. That we'll need to choose the right partners and manage them astutely. That we'll need to provide better tools with governance and bring our users back to trusted platforms while finding the right metrics to demonstrate success.

As I surveyed and interviewed CIOs for this report, AI was of course at the top of everyone's mind. Digging deeper, I also saw that CIOs are thinking about the capabilities that will help them deliver value with that new technology. For some earlier in the maturity journey, this means building a foundation that will lead to successful AI deployments. For others, it means elevating IT to take part in enterprise risk conversations for the proper cross-functional governance layer. Providing a core technology capability like cybersecurity and a data platform involves a combination of governance design and making the right partnerships. And doing it through a lens that demonstrates dollars-and-cents impact is crucial if IT is going to win further investment for technology-led transformation.

So, how do you make the leap from now to next? One step at a time, holding the hands of your trusted partners along the way

Innovators push the frontier on CIO priorities

Organizations with higher IT maturity are further ahead in their journey to seize IT’s moment.

This report will examine the differences between CIOs who are “Innovators" and those who are “Operators." CIOs identified their own overall IT maturity using Info-Tech's five-step scale in our Future of IT 2026 Survey. The “Innovators" group consists of CIOs who selected "IT is an innovator" as a response. The “Operators" group is a combination of those who selected “IT is a business/organization partner” and those who chose “IT is a trusted operator” – the majority of CIOs. This analysis is done to demonstrate what separates higher maturity organizations from most typical organizations. The report will also recommend two pathways to pursue for each priority based on maturity level, using “Innovators" and “Operators" as guideposts.

WHAT BEST DESCRIBES YOUR CURRENT LEVEL OF IT MATURITY?

(n=375 CIOs)

Info-Tech’s primary data sources inform our priorities research.

CIO PRIORITIES 2026

is built on the insights of Info-Tech’s primary research, including the Future of IT 2026 Survey, diagnostic benchmark reports, and in-depth interviews with IT executives. Our survey and diagnostic data provides answers to the questions of “what” organizations are going to do and “when.” The in-depth interview process adds the “why" and the “how" with deeper insights on execution.

FUTURE OF IT 2026 SURVEY

The Future of IT 2026 Survey was conducted between May and June 2025. The online survey received 738 responses from IT decision-makers across a broad range of industries and regions, with a focus on North America. This report includes analysis of only the survey responses from CIOs.

INFO-TECH DIAGNOSTICS

Diagnostic benchmark reports including CEO-CIO Alignment (n=94), CIO Business Vision (n=227), and the IT Management & Governance Diagnostic (n=254) reflect Info-Tech member results for the period of August 1, 2024, to July 31, 2025.

PRIORITIES INTERVIEWS

In-depth interviews were conducted with IT leaders between August and October 2025 to collect insights on priority-making and agenda-setting for 2025. In total, 25 interviews were completed to contribute to the CIO Priorities 2026 report. Unless otherwise noted, the “Opportunities," “Risks," and “Examples" sections of each priority are sourced from these interviews.

Moving from trends to priorities

Understand the priorities by analyzing both how CIOs respond to trends in general and how specific CIOs responded in the context of their organization.

CIO PRIORITIES 2026

1. Maximize AI Investments With a Focus on Value Streams:

   Embrace agentic AI to transform your business model

2. Prepare for the Unknown With a Proactive Risk Practice:

   Build a comprehensive and integrated view of risk

3. Empower Domain Experts With Data Accountability:

   Define your federated data operating model

4. Don’t Lose the Cyber Arms Race:

   Fight AI with AI to keep pace in cybersecurity

5. Run IT by the Numbers:

   Fund high-value, rapid impact digital and AI initiatives

Priorities 2026:

Priorities 2026: Seize IT’s moment with a technology-first action plan

FEATURED RESEARCH:

IT’s Moment: A Technology-First Solution for Uncertain Times

• IT can leap from now to next by mitigating risks, optimizing costs, and unlocking resources to drive innovation and AI transformation.
• “IT’s moment” identifies the pillars for IT leaders to contribute to a technology-first solution to help the organization thrive in uncertain times.
• Priorities reports focus on giving a functional perspective on how leaders can drive urgent change from within their role.

CIO priorities target highly relevant IT capabilities

No matter where you are in your maturity journey, improving the underlying capabilities is progress toward delivering on related priorities

1. Maximize AI investments with a focus on value streams
2. Prepare for the unknown with a proactive risk practice
3. Empower domain experts with data accountability
4. Don’t lose the cyber arms race
5. Run IT by the numbers

The perennial challenges of the CIO influence annual priorities

Connect long-term pain points to annual priorities to identify your path forward. Info-Tech identifies these challenges in the CIO Playbook.

Add your priorities to your strategic roadmap

Identify the priorities you want to pursue and add them as initiatives to your IT strategy roadmap for 2026.

A dynamic IT strategy is essential to execute on the CIO mandate of enabling business productivity, running an effective IT shop, and driving technology innovation. Info-Tech’s approach to focus on big-ticket items, continuously review and communicate the strategic imperatives, and implement accountable governance is your pathway to success.

Review the priorities in this report and identify which perennial challenges you most need to resolve. Next, review the priority recommendations and consider your own current-state maturity. “Operators” recommendations provide next steps for IT organizations that need to formalize processes and improve the foundation. “Innovators” recommendations are for those who are ready to push into the frontier and pursue a role of driving business transformation. No matter where you are on your journey, Info-Tech can help you pursue modern priorities.

FEATURED RESEARCH:

Build a Business-Aligned IT Strategy

• Perennial CIO challenges
• Annual CIO priorities
• Context-aligned initiatives

PRIORITY 01

Maximize AI Investments With a Focus on Value Streams:

Embrace agentic AI to transform your business model

Enterprise Architecture (EA)

AI Strategy

IT Organizational Structure

Designing for ROI from AI

To survive today, CIOs will need to architect for the frontier of AI transformation and put their organizations in a position to thrive tomorrow.

The rapid adoption of AI across enterprises since 2023 was spurred by generative AI, and the next wave in 2026 continues with agentic AI. Initial adoption was focused on augmenting workers with assistive chatbot tools inspired by ChatGPT. It was difficult to see a clear return on investment, however, as individual productivity gains didn't add up to more than the sum of their parts. With agentic AI, providers are aiming to back up their words with actions. Rather than just talking through different tasks with an employee, the AI can take it over and complete the tasks. Automation of new knowledge-based workflows in this way will require more than just a new technology deployment. It implies an organization-wide transformation.

The lessons learned from digital transformation can be applied well to a new chapter in AI transformation. The new technology brings with it capabilities that weren't as available previously, and rendering them optimally requires a well-architected environment. Just as digital transformation was more than deploying a cloud-based ERP, AI transformation will be about more than turning on Copilot. Transformation means a shift in how we organize our people and processes – a new operating model to take shape around the emergent capability of on-demand intelligence.

At the same time that AI presents a new opportunity for business transformation, pressures loom large. Global economic uncertainty threatens to stifle investment. Technical talent that's proficient with data and AI is scarce. Yet organizations are demanding more than ever.

To succeed, CIOs will require a mature enterprise architecture capability to build AI governance and partner in redesigning business process, setting the data foundation, and designing a high-value and aligned IT organization. Yet many organizations are struggling in this regard.

Organizations already using agentic AI

Source: Future of IT 2026 Survey; n=126 Innovators, n=216 Operators

Just over 76% of CIOs say their organizations will have invested in agentic AI by the end of 2026. Innovator CIOs are even more likely to invest in agentic AI, with 84.9% saying they are already using agentic AI.

Enterprise architecture's capability gap between effectiveness and importance

Enterprise architecture was rated with an average importance of 8.7 and an average effectiveness of 6.3 by IT leaders. The gap of 2.4 is the seventh-highest gap of all 50 capabilities.

Opportunities

DESIGN NEW REVENUE STREAMS AND BUSINESS MODELS

With intelligence on demand and agentic automation, CIOs can unlock new ways to generate value for the organization. Rather than seeking to augment business models or revenue streams already in place, some CIOs are considering what growth opportunities are ahead.

Proficiency in enterprise architecture will help transform AI potential into business growth by detailing a systematic approach. Applying some EA tools of the trade will provide clarity on how to achieve AI-powered growth:

• Use value streams and capability maps to identify where customers receive value from you today and where they could potentially receive value tomorrow. Identify how AI can remove friction for customers or deliver them more value from your organization.
• Use a reference architecture to understand the AI stack and how it aligns with the business.
• Goven with responsible AI policies and shared accountability so AI initiatives aren't derailed by risk.

ARCHITECT AI WITH RESILIENT PATTERNS

Anthropic’s Model Context Protocol (MCP) standard allows AI agents to interact with applications to automate tasks. While vendors are bringing their own MCP servers to market, IT shops that don't want to wait may have to build their own. Architecting the MCP server as a wrapper that is easy for developers to work with and offers exhaustive functionality enables developers to build many different types of clients, allowing agents to automatically connect with application data and functions (see Figure 1).

When it comes to users directly interfacing with AI, a parallelization pattern can help orchestrate better responses. For example, an LLM call router can split a prompt into three different calls to independent LLM instances and then combine them into a complete response. A parallelization pattern can be used either to create more redundancy by leveraging the same LLM for each instance or to provide resilience through diversity by using different LLMs for different calls. In this instance, a task is subdivided into different components that are handled by the best-performing LLM (see Figure 2).

AMPLIFIERS

What organizational context makes this a higher priority?

Funding earmarked for innovation; Mature change management approach.

Opportunities

FIGURE 1 – MCP WRAPPER FOR ENTERPRISE APPLICATION

Simplified diagram based on Anthropic’s Model Context Protocol pattern framework.

Opportunities

FIGURE 2 – SUBDIVIDED PROMPT

Simplified diagram based on Anthropic’s Model Context Protocol pattern framework.

Risks

RISKS DISCOVERED OUTPACE MITIGATIONS TWO TO ONE

Since launching in June 2024, MIT's AI Risk Repository has grown from about 1,000 documented risks to more than 1,600. It just goes to show how quickly the number of risks in this new area are emerging, with many more risks still unknown. Fortunately, MIT also maintains an AI risk mitigations database, with 831 mitigations organized into four main areas, as defined by MIT:

GOVERNANCE & OVERSIGHT CONTROLS

1.1 Board Structure & Oversight

1.2 Risk Management

1.3 Conflict of Interest Protections

1.4 Whistleblower Reporting & Protection

1.5 Safety Decision Frameworks

1.6 Environmental Impact Management

1.7 Societal Impact Assessment

TECHNICAL & SECURITY CONTROLS

2.1 Model & Infrastructure Security

2.2 Model Alignment

2.3 Model Safety Engineering

2.4 Content Safety Controls

OPERATIONAL PROCESS CONTROLS

3.1 Testing & Auditing

3.2 Data Governance

3.3 Access Management

3.4 Staged Deployment

3.5 Post-Deployment Monitoring

3.6 Incident Response & Recovery

TRANSPARENCY & ACCOUNTABILITY CONTROLS

4.1 System Documentation

4.2 Risk Disclosure

4.3 Incident Reporting

4.4 Governance Disclosure

4.5 Third-Party System Access

4.6 User Rights & Recourse

Source: MIT AI Risk Initiative, 2025

PROMPT THIS:

Use MIT’s AI Risk Repository to identify the risks of most concern to your organization and suggest the appropriate mitigations.

Type this prompt into your favorite LLM chatbot, replacing the all-caps placeholders with your custom instructions:

Use the MIT AI Risk Repository to perform a targeted risk assessment for our organization. Consider the following context about our organization and AI system or initiative:

• Part 1: Business context
  COMPANY / DEPARTMENT
  INDUSTRY
  KEY REGULATIONS (e.g. GDPR, EU AI Act)
• Part 2: AI initiative context
  Goal: CORE AI GOAL (e.g. prevent fraud, cut costs by 10%)
  Impact: IMPACT LEVEL: HIGH STAKES (e.g. lending money, medical diagnoses) or LOW STAKES (e.g. scheduling, content recommendation)
  Stage: PLANNING / TRAINING / TESTING / DEPLOYED Biggest concerns: MODEL FAILURE / PEOPLE
  (USERS or ATTACKERS)
  Data: NATURE OF DATA HANDLED
  User impact: WHAT ARE SOME CHARACTERISTICS OF THE USER GROUP?
• Provide back a prioritized list of the top 10 risks, mapped to the MIT repository's taxonomy, to add to our risk register.

Risks

SHADOW ARCHITECTURE

A well-architected plan that aligns organizational goals with technology investment and enables good governance is bound to go awry if people aren't following it. If CIOs can't create a consensus to get on board, other lines of business will seek their own solutions or individuals will use consumer AI tools to do their work. CIOs will realize the departure from their designs when their stakeholders submit an integration request and ask IT to take on maintenance of their ad hoc solution.

SKILLS GAP FOR LEGACY SYSTEMS

There is often a limited talent pool for legacy or niche software that can slow integration with other systems or cause problems migrating data to new systems when modernizing. This may limit design choices or at least slow down the realization of a transformation.

CONFLICT WITH ZERO TRUST SECURITY MODELS

Deploying AI assistants and other tools could cause friction with pursuing zero trust models. An intruder that gains access to an organization's internal AI tool could exploit it to discover internal documents and information to use in more sophisticated attacks against their target and gain more access to secured systems. Internal AI tools operate with an inherent amount of trust that's attached to user identity. If that identity is compromised, the AI tool can become a powerful asset for an attacker. Architecture is key to mitigating these risks.

PILOT PARALYSIS

A recent MIT study found a 95% failure rate in AI pilot projects (Kehler, 2025). While there are high expectations for the return on investment for AI, pilots may be measured against the wrong indicators to judge success. CIOs must communicate the value realized from AI investment well to graduate from pilot to implementation.

DAMPENERS

What organizational context makes this a lower priority?

Misalignment between AI pilots and organization objectives; Vendor limitations create friction in learning platform; Organization views IT as an order taker.

“If you’re going to combine the evolution of AI with also needing to do zero trust, then architecture has to be heavily involved.”

Andy Neill, Vice President,
Technical Counselor Program

CASE STUDY 1: MARKETING & ADVERTISING

Blue sky idea creates new revenue stream for media agency

Source: Cliff Cree, CIO, Horizon Media

Instead of IT fulfilling requests, customers are now leveraging the platform to achieve their goals.

At media agency and advertising services firm Horizon Media, CIO Cliff Cree is rearchitecting the organization's "Blue Platform" to include external-facing self-serve components. Until recently, Blue Platform was purely an internal service delivery tool used by employees to manually fulfill client requests.

Horizon's advertising customers put in requests to reach certain audience segments from Horizon's database. In the past, developers would write code to assemble the audience based on the requirements, which Cree points out put IT in an order taker mode. The process was opaque to the client, creating a trust deficit that prompted clients to raise questions about the data and methods used.

In the new customer-facing mode, Cree's team embedded an LLM into the platform's core. Now clients can use natural language to query the platform's capabilities and assemble an audience. Cree says control is put in the hands of the customer. "Because we have now built this LLM, we can give it to them and they can tinker with it, right? And we can charge them a fee to do these things," he says. Instead of IT fulfilling requests, customers are now leveraging the platform to achieve their goals.

The shift created a new revenue stream for Horizon. Whereas the manual work of building audiences was previously expected as part of the agency’s service, Horizon is now charging a fee for direct access to the Blue Platform. The feature has even helped attract new customers. "The clients love it," Cree says. "We've actually gained some new clients because they see it and they are like 'oh, I want that shiny little tool.'"

That tool is also building trust with clients by creating transparency. The platform attributes data sources used for building audience segments and allows clients to improve their targeting precision.

CASE STUDY 2: HEALTHCARE DELIVERY

SWAT teams” of architects bring service model to healthcare organization

Source: Executive Counselor, Info-Tech Research Group (former IT leader in healthcare delivery organizations)

Now an Executive Counselor at Info-Tech, a former IT leader in healthcare delivery organizations recounts a scenario that is familiar for many IT organizations in traditional industries: IT's time is consumed by meetings while they are flooded with project requests for the business and have no time to strategically prioritize which ones are valuable. The situation at this IT leader’s hospital hit the breaking point one Friday evening when the CFO pulled them and some other folks aside and said, “You're going to call your spouses and tell them you're not coming home for dinner tonight. You're going to sit with me here until 8, 10, or whatever it takes. Because I've got 500 projects in the queue, and maybe funding for 100 of them, and I need you to tell me what the top 20 are."

It was this IT leader’s moment. Recently the senior leadership team had attended a conference and learned about a service line model approach for IT. They returned with a directive for this IT leader to execute on it. They saw it as an opportunity to shift left and align better with the business by getting involved earlier in the decision-making process and operating in a proactive, rather than reactive, way. To support the model, the IT leader advocated to create five new principal architect positions. Dubbed the “SWAT team,” the architects would have cross-domain IT knowledge and act as scouts, investigating business problems before they reached the CIO's desk. The SWAT team assessed business needs with standard frameworks and clearly identified what would provide a return on investment

Continued on the next slide

CASE STUDY 2: HEALTHCARE DELIVERY

“SWAT teams” of architects bring service model to healthcare organization (cont’d.)

The outcome was huge. The IT leader cut out 46% of the project requests by deferring low-value requests. The IT staff loved it too, because they were more organized with proper project intake and prioritization. They knew how to work on the right things at the right time, and it was a major stress relief.

This SWAT team also set the foundation to adopt AI. Using AI in healthcare can carry significant risks, and the architects can help assess critical questions before an AI project is greenlit. The assessment starts with the question "What are we truly trying to accomplish with AI in healthcare today?" Then it explores the use cases and evaluates the benefits realization with a Time/Quality/Cost Savings framework while weighing that against the risks.

If IT isn't proactive in architecting for AI, it will lead to shadow AI in the organization. Other business leaders will drive the adoption, and "when that happens, the tail starts wagging the dog, and IT is told that you need to go implement this technology. Here we go back to reactive mode," the counselor says.

What are we truly trying to accomplish with AI in healthcare today?

From priorities to action

FOR OPERATORS WHO ARE STRENGTHENING THEIR FOUNDATION

Design an Enterprise Architecture Strategy

Bring order to complexity with scaffolding that supports technologies, data, applications, and the capabilities you need to achieve your strategic priorities. Demonstrate that enterprise architecture can address key pain points and specify where it helps to plan and deliver. Establish good principles and gradually implement broader standards as maturity develops.

FEATURED RESEARCH:

Build Your EA Practice Strategy

FOR INNOVATORS WHO ARE PUSHING THE FRONTIER

Define the Components of Your AI Architecture

Simplify your path to creating AI architecture with a component-based approach that serves your AI solution goals. Size up your AI use cases and estimate the ROI, effort to deploy, and probability of success. Then conduct a survey of data sources, data engineering, infrastructure, and more to highlight the right AI architecture.

FEATURED RESEARCH:

Define the Components of Your AI Architecture