What should CIOs focus on in 2025?

What should CIOs focus on in 2025?

A selection of sector voices on priorities for the coming year.

Dave Cole, CTO, Formstack

As we approach 2025, CIOs must prioritize AI-based automation as a strategic solution for filling open roles. Instead of traditional hiring practices, organizations should look to AI to handle tasks that are increasingly routine. Tier 1 support positions are an excellent starting point; these roles are progressively being managed by AI-enabled chatbots and search experiences, enhancing efficiency and customer satisfaction. Moreover, the use of AI in data analysis is revolutionizing the way insights are surfaced and dashboards are created, reducing the manual effort previously required.

We are also experiencing a significant shift from “software as a service” to “service as software.” This transformation challenges CIOs to reassess areas where straightforward, people-based services have been the norm. By questioning why certain roles cannot be partially or fully automated, organizations can unlock new efficiencies and drive innovation.

In addition to these shifts, it’s essential to keep a close eye on the transformation of in-house application development through AI. For example, designers can now generate front-end code from tools like Figma, which accelerates development and lightens the overall workload for teams. Meanwhile, agent-based computing models are becoming more mainstream, driving innovations for both front-end and back-end developers and elevating the role of graph databases in retrieval-augmented generation (RAG).

Furthermore, tools like Cursor are evolving the role of engineers from simple copilots to orchestration-driven models, where AI generates a significant portion of code through prompting. Over time, these advancements will enable smaller teams to produce higher-quality software more efficiently, redefining the future of software development.

Tim Hollebeek, VP, Industry Standards, DigiCert

In 2025, the CIO must prioritize preparing their organization for the emerging reality of quantum computing. While fully capable quantum computers, known as Cryptographically Relevant Quantum Computers (CRQCs), may still be a few years away, their potential to break current encryption methods demands attention now. With quantum computing advancements accelerating, CIOs should treat “Q-day”—the day when quantum computers can break widely used encryption algorithms—as an impending threat.

A key priority for CIOs in 2025 is transitioning to quantum-safe encryption methods. These new algorithms, which are nearing standardization, will protect sensitive data from future decryption attempts by quantum computers. Given that critical data and systems need to be secure for decades, the risk of “harvest now, decrypt later” attacks is real. Malicious actors may already be collecting encrypted data to decrypt once CRQCs become available. This is a particular concern for sectors like finance, healthcare, and government, where long-term data security is critical.

Another priority is ensuring that long-term digital signatures, such as firmware signing and network transmissions, are protected with quantum-resistant technologies. CIOs must lead the effort to assess their organization’s cryptographic infrastructure and develop a roadmap for adopting quantum-safe protocols well ahead of Q-day.

CIOs also need to keep an eye on the rapid development of quantum cloud computing services. While these services are not yet a threat to encryption, their evolution highlights the urgency of building a quantum-ready cybersecurity strategy to protect against future vulnerabilities.

Morey Haber, Chief Security Advisor, BeyondTrust

CIOs must prioritize several key areas in the New Year. A significant focus will be on quantum computing and the associated risks. As quantum computing becomes more capable, traditional encryption methods will face unprecedented threats. CIOs should begin adopting NIST’s post-quantum encryption standards to future-proof their organizations, especially in critical industries like finance​.

Another priority is identity security. Modern cyberattacks increasingly target identity rather than systems, requiring a shift from endpoint protection to robust identity verification practices. Continuous verification and improved identity management protocols will be critical to safeguarding privileged access.

Additionally, CIOs must address the complexities introduced by AI.

While AI has enabled advancements in automation and threat detection, it has also lowered the barrier for attackers. As AI evolves, CIOs should balance the potential benefits with the risks, ensuring that security investments do not overwhelm their teams with unintegrated tools​.

Finally, infrastructure and system upgrades will be a pressing concern as Microsoft ends support for Windows 10 in 2025. CIOs must plan for hardware upgrades to meet the security requirements of newer operating systems while managing the transition to alternative platforms for systems that become obsolete​.

By prioritizing these areas -quantum readiness, identity security, AI risk management, and infrastructure upgrades – CIOs will be better positioned to mitigate emerging threats and protect their organizations in 2025.

Dwayne McDaniel, Developer Advocate, GitGuardian

Non-human identities will come into focus as a major security and operational issue, and we need new approaches and more resources. As CISOs and other executives move to make their enterprises more resilient, Identity and Access Management (IAM) is going to shift away from being an afterthought of IT that Security teams need to address to keep their customers safe and will become an operational concern with leaders reporting directly to the C-suite.

While much of the current focus of IAM is on human identity and access, the markets are beginning to recognize the magnitude of the risk that mismanaged machine identities and their long-lived access keys pose to the whole of the enterprise. This builds on the already accelerating shift we have seen from focusing on hardening network perimeters to one of zero trust identity-based defenses that assume a breach is eventually inevitable. 

New budgets will be created, and allocated budgets for IT and security will be redirected to solve both the symptom secrets sprawl and find better ways to manage the non-human identity lifecycle. We will see a new breed of tooling emerge to address the observability needs around machine identity creation, permissions, use, and eventual revocation at a global scale. 

This will be a challenging road to travel for larger enterprises with thousands of legacy codebases. Still, there is evidence this shift has already begun in the largest organizations.  Smaller players and the SMB market will most likely follow once the tool ecosystem expands. Startups are, as always, in the greatest position to leverage technological advancements in this space, as we have previously seen with SaaS offerings, giving them a competitive advantage as they build their platforms faster and safer than larger companies can.

Ali Shaikh, Chief Product Officer, Graphiant

For CIOs, the priority in 2025 is to ensure that enterprise networks are modernized to meet the demands of artificial intelligence (AI). As AI becomes pervasive in business operations, networks must be upgraded to facilitate data movement, compliance, and performance.

Business leaders must embrace a network architecture that delivers on privacy and security while accelerating on-demand delivery of new services to their customers. This strategy ensures businesses meet AI’s high-speed data transfer requirements while maintaining cost efficiency and agility. CIOs must explore implementing Network-as-a-Service (NaaS) solutions, which provide scalability, cost savings, and advanced features like AI-driven traffic management and automated provisioning. This model empowers businesses to respond dynamically to AI demands without significant hardware investments.

With increasing use of AI, security and compliance will require increased focus and investment. Leaders should be prepared to respond to real-time threats and have an infrastructure that is ready to meet compliance regulations and global data sovereignty laws. AI models process sensitive data, often involving proprietary information, customer data, or critical business insights. Ensuring the security of this data throughout the AI lifecycle – during data collection, processing and storage – is paramount.

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive