A survey by Constellation Research conducted between September and October revealed that the top budget priorities for CIO’s in 2021 are Digital Transformation and Cybersecurity, with those two categories significantly ahead of other areas of focus. Close to 1/3 of respondents report that their IT spending had declined during Covid-19, many by more than 10%, while only 7% saw their IT budget increase during the pandemic despite the universal increase in IT dependence amid the shift to remote work.
CIO’s also report being focused on ‘automation’ as the most important way to improve returns from IT spending, ahead of ‘portfolio assessment and rationalization’, or ‘using untapped by high leverage features/capabilities of already owned IT assets’.
Digital Transformation and Cybersecurity are rightly the top priorities for CIO’s—both in budget terms and in time allocation. Successful digital transformations have rapidly become one of the most critical elements of corporate success, and so the priority of protecting digital environment has never been more important.
However, it is somewhat concerning to see ‘Regulatory Issues’ dead last on the list with only 2.3% of the responding CIO’s identifying it as one of their top 5 priorities in 2021. One consequence of the SolarWinds breach is that there is highly likely to be a new focus placed on cybersecurity by regulators in the US, and likely in other countries as well. Indeed the recently passed National Defense Authorization Act in the US contained directives for cybersecurity positions and policy that were drawn from many of the recommendations in the bipartisan Cyberspace Solarium Commission. This will increase regulatory attention on corporate cybersecurity practices. CIO’s, C-Suites and BoD’s would be well-advised to prepare for this new environment.
Additionally, the focus on ‘Automation’ ahead of ‘Portfolio assessment and rationalization’ and ‘using untapped by high leverage features/capabilities of already owned IT assets’ is problematic. The latter two categories have been shown to deliver better results for most organizations, both in terms of impact on corporate budgets (i.e. they are cheaper) as well as being more effective for improving the company’s overall cybersecurity posture.