Top 7 CIO challenges in 2025 and how to handle them

1. Integrating agentic AI

Agentic AI, following on the heels of generative AI, is already making its way into organizations. IT leaders believe the technology will become more widespread in 2025, as will the implementation challenges.

Anup Purohit, CIO at Wipro, a technology services company, said generative AI tools such as ChatGPT offer one-on-one productivity benefits. That is, individual users create prompts and receive a response to support their daily work activities. Agentic AI, in contrast, could be used to improve the productivity of a process that 500 people execute, he noted.

The resulting group-level productivity boost, over time, will boost the financial returns for organizations adopting agentic AI, Purohit noted. But businesses must embed the technology into their business processes to obtain those benefits.

"It's not going to be easy," Purohit said. "It will require a surgical focus when we want to integrate AI into their existing ecosystems and legacy applications."

Some corporate functions, however, might lack a formal business process to integrate with AI. Companies sometimes depend on organizational rules of thumb recorded on paper or stored in people's minds, said Simon Green, global CIO at Pax8, a Denver-based company that provides a cloud commerce marketplace. AI agents need that information encoded elsewhere.

"If you want to make the most out of the opportunities around AI, especially agent-based AI that drives actions on its own, you can't remain in a position where you rely on institutional knowledge," he said.

Instead, businesses will need to create carefully thought-out business processes supported with connected data sources and IT infrastructure. Some form of documentation is required to "train" AI agents to respond appropriately to assigned tasks, Green said.

"Everything has to become very well-linked in a well-explained pattern with well-defined interfaces among tools and systems," he said.

2. Refining AI metrics

In 2024, CIOs experimenting with generative AI shifted their focus to measuring the technology's business value and organizational cost. Technology leaders plan to further refine their AI metrics and ROI analyses in the coming year. They'll also subject agentic AI to a more rigorous assessment.

"The challenge is being able to clearly articulate and measure the value of these solutions," said Eric Johnson, CIO at PagerDuty, a digital operations management company in San Francisco. "How are you driving more revenue? How are you lowering cost? There is still a [knowledge] gap we need figure out."

AI assessment approaches will change as organizations seek to narrow that gap. Today, a business piloting a generative AI tool might rely on a vendor's survey of a limited subset of users to gauge acceptance and inform a decision on wider adoption, said Suha Can, CISO at Grammarly, a San Francisco company that provides an AI writing tool. But this approach doesn't justify larger investments, he asserted in a talk on AI measurement at the Gartner IT Symposium/Xpo 2024 in October.

"They send the survey to the employees and seven fill it out and the vendor says, 'Here's the survey data. Please purchase this tool for $200,000,'" Can said. "There is no way I am going to pay $200,000 to anybody because seven dudes were happy with the tool that was deployed. This will not work for us as we aim to understand what is going on."

Instead, Grammarly created an AI assessment framework that considers four key attributes of a new tool: compliance and security, quality, employee experience, and the effect on the organization's KPIs.

Kellie Romack, CDIO at ServiceNow, said her organization is also revising the way it evaluates AI. The main idea is to consider a wider range of measures. For example, an AI evaluation that emphasizes productivity but overlooks quality doesn't tell a complete story. A tool can save users time, but it might merely accelerate work that's poorly done, she said. "We need to be more comprehensive," Romack said.

With that in mind, Romack said ServiceNow keeps tabs on productivity and keeps a human in the loop as a quality check on content created through generative AI.

For quality check, ServiceNow uses AI Control Tower, an internal AI governance tool, which controls, trains and measures its AI models. The tool is monitored daily, which lets the company keep tabs on the number of models running, operational pipelines and the locations of failures, according to ServiceNow. The company also tracks real-time sentiment through in-app feedback. Users can give a thumbs up to content they find helpful or a thumbs down for content in need of improvement. A box lets them provide additional context.

Another important GenAI metric is employee or customer experience as measured through satisfaction scores, Romack added.

3. Dealing with AI-influenced cybersecurity

Cybersecurity persists as a top challenge for a CIO or CISO, but now AI adds a complication.

"The cybersecurity risk exposures are huge, and they're increasing tremendously with AI," said Brian Greenberg, CIO at RHR International, a leadership consulting firm based in Chicago. "AI and cybersecurity are increasingly linked."

He said that linkage has internal and external dimensions. A business must ensure its employees know how to use AI securely while facing threat actors outside the organization who can use AI tools to circumvent security protocols. AI, meanwhile, is also influencing how organizations detect threats.

Johnson said AI will continue to disrupt the security landscape, noting that business must address questions on how to manage expanding AI use. In addition, the ongoing evolution of AI and its attendant risks put enterprise security, risk and compliance groups in perpetual catch-up mode.

"Security teams are constantly trying to evolve their policies and tools to monitor the people aspect of it," he said, referring to employees' AI adoption.

But amid AI-related threats, some organizations still struggle with basic security measures, Greenberg noted. They might take a tick-the-box approach to compliance rather than internalizing the fundamentals of cybersecurity.

"They don't necessarily instill it as their normal, everyday consciousness," he said.

4. Maintaining focus on data quality and management

Improving data, the fuel for AI initiatives, will remain an important challenge in 2025.

That's the case for Mayer Brown, a New York City law firm that specializes in banking and capital markets among other areas. Evette Pastoriza Clift, global CIO at Mayer Brown, said she'll be emphasizing the firm's ongoing data journey in 2025.

"We have a treasure trove of data that we have collected for decades," she said. "Our focus will be on enriching our data next year and building a team that can support that."

The enrichment task will include bridging data across systems, getting a taxonomy in order, and cleaning data for decision-making and advanced analytics, Pastoriza Clift said. Higher quality data also supports Mayer Brown's AI adoption, she added.

"Our ability to have rich, accessible data is fundamental to being able to really develop and make use of AI," she said.

CIOs, however, might find it difficult to get senior management behind a data management initiative, especially amid the hype around AI. CIOs must communicate with business leaders to make the connection between the unglamorous work of tending data and the promise of AI, Pastoriza Clift said.

"It's a hard topic," she said. "But I think it's incumbent on us to narrate that story for the business and be able to explain the benefits of having our data in order."

Johnson also cited the need for good data to support AI projects and the difficulty of getting organizations to focus on data as preliminary step. The problem, he said, has persisted for decades, going back to ERP implementations 30 years ago.

"The importance of data quality has never gone away, but [businesses] still just want to fly past that part," he said. "It's not sexy. You say 'data governance' and people run. It's not something they are excited to get involved in."

But sophisticated, emerging technologies such as generative AI and agentic AI require a solid data foundation, Johnson said.

"If you have a strong data management program, you will get a lot more value and more opportunity to drive more use cases," he added.

5. Raising the profile of change management

Businesses sometimes fail to consider the workplace upheaval that comes with the large-scale adoption of emerging technologies. Generative AI and its potential for restructuring work have focused more attention on organizational change management. CIOs believe change management will become even more important in 2025 as GenAI projects expand within enterprises and agentic AI automates entire workgroups.

"In the next year, the pace of change is going to increase dramatically," Johnson said, noting those developments. "There's going to be a lot of change management in organizations."

At times, change management is "actually harder than the technology solution," Pastoriza Clift said. "You can work very hard to put something fantastic in place. But if you haven't gotten the willingness of people to make the change, you haven't moved the dial. You move the dial when they adopt the technology."

Mayer Brown is evaluating AI for use cases such as regulatory monitoring, business development and deal point extraction, she said. The latter use case involves identifying and mining the pivotal terms and conditions from M&A documents.

But convincing employees to accept a new approach to their workflow, especially when they've been highly successful with previous methods, requires emotional intelligence as well as change management, Pastoriza Clift said. The key task becomes "knowing how to have those conversations and how to get people excited about the change or willing to see value in the change."

6. Considering energy demand

The rising energy demands of AI will also rank among the top concerns next year. IT leaders in hyperscale data centers are already looking at non-traditional energy sources and cooling methods.

The top cloud computing vendors -- AWS, Google and Microsoft -- are looking into nuclear power as an energy source that could meet anticipated demand. Those companies as well as other data center providers also cultivate renewable energy sources such as wind and solar.

In addition, Gartner expects Fortune 500 companies to reprogram their energy budgets to deal with AI's energy demands. The market researcher said those enterprises, through 2027, will shift $500 million from Opex spending to microgrids, independent energy systems that serve a company or a group of companies.

"With the increasing compute requirements in AI and the power draws, I find it fascinating that different companies are starting to look at creating their own power-generation plants," Greenberg said.

Greenberg and other CIOs will be watching those developments as AI consumers. Assessing vendors' power consumption approaches and environmental effects have become "part of the buying decision" regarding AI and other cloud services, he said.

"Choosing providers that invest in renewal energy or innovative approaches such as nuclear power provides several benefits," he noted. Those advantages include
lower costs, scalability and consistent sustainability practices across all cloud services.

"By including this in our vendor evaluations, we strengthen our [environmental, social and governance] position and ensure our IT strategy supports the business' broader goals," Greenberg said.

7. Balancing AI, transformation initiatives

AI seems an all-consuming initiative at times, but the CIO must manage other IT projects in parallel.

Abhinaya Tayi, CIO at Forwardis, a freight forwarding company with headquarters in Berlin, Germany, faces this issue. The company has been pursuing digital transformation, moving from paper-based processes and Excel to new systems for managing customers' shipping needs.

The challenge is being able to clearly articulate and measure the value of these solutions.

"That itself is a challenge, and then comes AI," Tayi said. "You're driving this transformation in your business and, at the same time, the demand comes from management and the board. Everyone is hearing about AI."

To keep AI manageable, Tayi said she focuses on cost-effective tools that address an immediate business need and can be quickly deployed. In one example, Forwardis has started using software from Decisions, an Oslo, Norway, company that uses AI to recap meetings. The software, which works with Microsoft Teams and Office 365, required little training to get users up to speed, she noted.

At Mayer Brown, Pastoriza Clift also manages digital transformation amid the rise of AI. The law firm's transformation effort revolves around a cloud migration program, which will continue in 2025.

"Digital transformation needs to remain top of mind," she said. "I am very focused on migrating systems, such as email and document management, to the cloud where possible."

Migration lets Mayer Brown tap into technology vendors' software and service innovations that reside in the cloud.

"That's where development is taking place," she said. "You can't take advantage of all the richness of the features and technologies if you are not in the cloud."

AI adoption, meanwhile, can help accelerate a digital transformation program, Pastoriza Clift noted. That's because using AI helps automate repetitive tasks and facilitates other activities, she said.

"It is a very big effort to do both, but I see them as business imperatives," she said. "You shouldn't sacrifice one for the other."

John Moore is a writer for Informa TechTarget covering the CIO role, economic trends and the IT services industry.