Sutherland Global
  • Article
  • March 23, 2026

    • 10 Things Keeping IT Leaders Up at Night

    Originally published on cio.com

    CIO

    The CIO’s rise to prominence has led to high-profile responsibilities that — when coupled with the pace of technology and business change — bring more stress to the role than ever before.

    There’s a lot for CIOs to stress about these days — from longstanding concerns about uptime and availability to the quantum revolution on the horizon.

    Of course, there are plenty of other issues worrying CIOs here and now, too.

    “Where do I even begin?” asks Dan Inbar, senior vice president and CIO at Symbotic, which provides warehouse automation technology. “There are countless issues a CIO worries about every day, and often every night.”

    To be sure, the list of worries is long, but a constellation of concerns rises to the top. Here’s a look at what multiple IT execs say keep them up at night.

    1. Cybersecurity

    Cybersecurity is far and away the stuff of nightmares for CIOs. This shouldn’t be a shocker, given the scary stats on the growing number of cyberattacks, the rate of successful attacks, and the increasingly high consequences of being breached.

    “Cybersecurity commands a level of attention that goes well beyond a typical IT concern,” says Shane McDaniel, CIO for the city of Seguin, Texas. “A ransomware attack on our city is not simply an organizational disruption. It carries real civic consequences. Potential impacts to 911 dispatch, utility services, court operations, and the resident services our community depends on every day. People can be genuinely harmed. That distinction matters.”

    McDaniel also stresses the fact that CIOs don’t always have direct responsibility for incidents that can significantly impact their organizations.

    “What makes this especially sobering is that a meaningful portion of our risk exposure lies outside our direct control,” he says. “Third-party vendors introduce vulnerabilities that cannot be fully audited, and the threat landscape evolves faster than any governance framework can keep pace with. For a municipal CIO, the stakes are not measured in revenue or market share, they are measured in public safety and community trust. That is a fundamentally different kind of pressure, and one I take seriously even on the nights I sleep well.”

    2. Ensuring Data Security and Privacy in AI Deployments

    Organizations are clamoring for AI tools, and they’re looking to get those tools fast, yet the use of AI tools and the speed of implementation create risks around data security and privacy — risks that top the list of worries for many CIOs.

    “Information security has always been top of mind for CIOs, chief security officers, and others who partner to protect a business. Now the nascent technology and protocols that are used for AI to interact with enterprise tools and data have added a new layer of complexity to information security efforts,” says Matt Lyteson, CIO for technology platforms at IBM.

    Lyteson acknowledges the challenges of getting security and privacy right in the age of AI.

    “Managing the new reality calls for a lot of the same best practices that we’ve always had — there’s just less room for error than ever,” he says. “I see CIOs and technology leaders within businesses understanding they need to be more technologically astute than before, and have a deep, crystal-clear understanding of the business. That’s the foundation for meaningful conversations both with tech teams and business partners so that ultimately we can meet enterprise needs in a safe and effective way.”

    3. Owning Bad AI Outcomes

    There’s another concern weighing on CIOs: “When AI makes a bad decision, who is accountable for it? Who owns that decision?” So asks Doug Gilbert, CIO and chief digital officer at Sutherland, which provides digital transformation and business processes services. “If you have AI making autonomous decisions, like agentic does, who is the ultimate owner?”

    He notes that bad outcomes from shadow AI further complicate the ownership question.

    Strong AI governance helps mitigate the risks around shadow AI, bad outcomes, and ultimately bad decisions, giving some salve for CIOs, Gilbert says. But, of course, good governance doesn’t eliminate risks completely, leaving some level of stress for IT execs.

    4. Embedding AI into Core Business Workflows Responsibly at Scale

    “The biggest issue on my mind is how to embed AI into core business workflows responsibly and at scale,” says Saket Srivastava, CIO of work management platform Asana.

    It’s a common concern in 2026. After a few years of pilots and experimentation, CEOs and boards have said they want to start seeing ROIs on their AI investments. That has turned up the heat on CIOs.

    “We’re past the experimentation phase,” Srivastava says. “AI isn’t just helping someone draft an email or summarize notes; it’s starting to sit inside the workflows that drive finance, revenue, customer operations. That changes the CIO’s role in a very real way.”

    Today the test isn’t whether AI works, he adds. “It’s whether it’s implemented in a way that improves how work flows across the company.”

    Seguin’s McDaniel also cites the drive to harness AI responsibly as a top concern.

    “Responsible AI governance is both a new issue and a rapidly evolving one, and I’d argue it has taken on considerable urgency in just the last couple of years as AI tools have moved from experimental to mainstream, including within municipal government,” he says.

    “My philosophy is that guardrails and flexibility are not mutually exclusive. End users need the ability to leverage AI in ways that meaningfully enhance their workflows and improve service delivery, but that access must be structured thoughtfully,” he adds. “We are actively working through the compliance, data protection, and legal dimensions that come with AI adoption in a public sector environment, where the stakes around transparency, equity, and resident data are particularly high.”

    5. AI Governance That Keeps Pace with AI Innovation

    Given the rapid pace of AI innovation, Rishi Kaushal, CIO at digital security company Entrust, stresses about governance keeping pace with AI’s evolution.

    “AI innovation is progressing more rapidly than enterprise governance frameworks can adapt,” he says. “Whereas early AI applications were largely confined to passive chatbots, modern active agents are now capable of executing tasks, making decisions, and initiating actions. These advancements introduce significant challenges in areas such as accuracy, consistency, accountability, integration, and identity management.”

    He notes that “the reliance of agents on APIs to perform functions further complicates matters, as many legacy systems lack comprehensive and well-documented APIs, resulting in a substantial gap between current capabilities and future requirements. Additionally, organizations frequently attempt to deploy agents atop inefficient human processes instead of redesigning workflows to leverage AI effectively.”

    As a result, risk escalates alongside adoption rates, Kaushal says, “outpacing the development of adequate governance practices.”

    Kaushal knows how critical good governance is, and he has a risk-mitigation strategy that starts with redesigning workflows for AI. “Processes must be rebuilt to optimize AI enablement, with clearly defined decision boundaries, escalation paths, and human-in-the-loop oversight for high-stakes actions,” he explains. “We can’t simply layer agents onto inefficient human processes and expect trust to follow. Instead, we have to intentionally design where agents add value, where humans retain authority, and how accountability is maintained.”

    He’s also focusing on securing these systems, applying zero-trust principles to AI agent identities, and using least-privilege access controls to tightly govern what agents can access and execute as well as where they can send data.

    6. Aligning IT and the Business

    Losing alignment between technology investments and business outcomes is the biggest worry for MongoDB CIO Deepa Gopinath.

    “We are at an inflection point, where the role of IT is evolving from an integrator into a builder and with that comes the challenge of translating what we build into measurable outcomes for the business,” Gopinath says. “CIOs need to ensure that AI or technology aren’t deployed for their own sake. Every initiative must have a measurable impact. If it doesn’t move a core business KPI, it shouldn’t move forward.”

    AI, she notes, only ups the ante.

    “We are increasingly being seen as the technologist arm of the company that can help propel internal operations of a company into the AI era. If we don’t intentionally lead that evolution, we risk being perceived as a cost center instead of a value creator,” she says. “That’s consequential, because in today’s environment, technology is inseparable from growth, efficiency, and customer experience.”

    To ensure success, Gopinath says CIOs “must run IT like a product organization” with “clear roadmaps around [customer] pain points and desired outcomes, prioritize based on business value, and continuously iterate based on feedback.” And success, she says, “should be measured by tangible business impact: shortening sales cycles, increasing productivity, enabling better decision-making, and ultimately improving customer outcomes.”

    7. Delivering Impactful Transformation

    “Tech is table stakes and transformation is the new standard of impact,” says Gary Flowers, CIO, Transformation and Technology Services at nonprofit Year Up United. “If you are not moving the organization forward from a tech standpoint, your job and department should be an outsourced commodity.”

    Long gone are the days that CIO success was measured on whether applications functioned as expected. Rather, success is now based on whether those applications and the data associated with them are “moving real measurable metrics forward that impact customer confidence and top-line revenue or internal efficiencies,” he adds.

    8. And Delivering That Impactful Transformation Continuously

    One successful transformation is not enough, Flowers says. It’s one after another after another.

    “It has gone from continuous improvement to continuous self-disruption,” Flowers adds.

    It’s stressful, he admits, but he has found a strategy for dealing with it: “I cope with transformation by making it part of the ethos of my department. Even my pure technology team is always looking for a way to disrupt and move the organization forward.”

    His mantra, he says, is “always Netflix, never Blockbuster.”

    9. Upskilling as Fast as Technology Evolves

    CIOs also cite talent issues, another perennial worry for many CIOs. Today, though, they worry specifically about having talent capable of learning new skills as quickly as technology evolves.

    As Flowers says, “What is an entry-level position in the world of AI and what AI skills do all technologists require is a question that needs to be hit head-on.”

    Nina Tatsiy, CIO of tech company Quadient, echoes that, asking “Things are changing so quickly and dramatically, how can CIOs and our teams keep up?”

    Tatsiy is tackling that challenge.

    She herself is diligent about learning: connecting with peers to exchange ideas, meeting with advisors, going through online material on weekends.

    She also established Friday afternoons as self-development time for her IT staffers to engage in experiments and learning. “It’s in their goals and objectives; it’s part of their performance criteria,” she says, “because they’ll be irrelevant if they don’t invest that couple of hours a week to learn.”

    10. Being Flawless at the Fundamentals

    Leading CIOs often note that they engender the trust of their executive colleagues to lead innovation and transformation by being “flawless at the fundamentals.” That task in and of itself is a big one that weights heavy on the CIO mind.

    “‘Keeping the lights on’ is just one piece of our role, but any impact to company operations, employee productivity, or brand reputation is always front and center,” Inbar says. “On top of that, delivering enterprise programs on time, on budget, and at the expected level of quality is absolutely critical, not only for the company’s success but also for something I think about constantly: my team’s brand and reputation. It takes years to build credibility and only moments to lose it. By extension, it’s also my own reputation, and I work very hard to protect it.”

    About The Author: Mary K. Pratt is a freelance writer based in Massachusetts. She worked for nearly a decade as a staff reporter and editor at various newspapers and has covered a wide range of topics over the years. Her work has appeared on the Wall Street Journal, the Boston Globe, the Boston Business Journal, and the MIT Technology Review among other publications. Today Mary reports mostly on enterprise IT and cybersecurity strategy and management, with most of her work appearing in CIO, CSO, and TechTarget.