What CIOs are working on, Part 4 of 4

Over the past six months of guidance kickoff conversations with CIOs and CTOs, security, cost, and value almost always surface as top-priority initiatives. Leaders know that boards and executive committees care deeply about resilience, regulatory exposure, and technology spend, yet they often lack a simple, credible way to show how security investments and IT budgets translate into business outcomes.

In this final part of the series, I focus on what these leaders are doing to connect those dots. The stories span public insurers, banks, universities, and government agencies, but the same pattern emerges: Security initiatives, cost transparency, and governance mechanisms work best when they plug into a clear value cocreation flow rather than sit in separate conversations.

When discussions turn to security, cost, and value, three moves show up again and again:

  • Frame cybersecurity as a measurable resilience platform. In several organizations, cyber spend and board attention are rising quickly, and CIOs use this moment to reposition security as a resilience platform with clear metrics and horizons. An insurer expects cybersecurity spend to grow from 5% of IT budget to 7–10%. The same organization is working on a unified cyber strategy that combines spend benchmarks, security operations center operating-model choices, and quantum guidance into one board-facing narrative. A financial services firm is modernizing and consolidating Zero Trust network access with the twin goals of reducing threat surface and generating 20–30% savings on security licensing and 10–15% savings on administration effort. CIOs in these conversations describe security roadmaps as business cases for resilience: They quantify cost, risk reduction, and regulatory readiness together and position cyber decisions as part of the organization’s risk appetite, not just IT hygiene.
  • Use IT spend transparency to open board discussions about value. Many leaders are investing in IT financial management, cost benchmarking, and FinOps to change the tone of board conversations about technology budgets. A bank’s CIO team is building a view of technology costs at the asset and platform level, distinguishing fixed operational spend from discretionary growth investments, and using quarterly reviews to show how costs evolve as the transformation progresses and customer base scales. A financial services organization in Southeast Asia faces tight headcount constraints and data sovereignty rules; its leadership wants a justification paper that compares on-premises refresh and cloud migration in terms of scalability, regulatory fit, and long-term operating cost so that the board can see trade-offs clearly. In these organizations, IT financial management and strategic value offices work alongside strategy, enterprise architecture, and governance to turn business capability changes into funded, prioritized roadmaps.
  • Build governance and storytelling that connect strategy risk and portfolios. The third pattern is a deliberate effort to redesign governance forums and communication so that security, cost, and value appear together in a coherent story. At a national tax authority, a senior technology leader wants to give steering committees credible data on risk, technical debt, and disposition decisions so they can prioritize and pause initiatives with confidence. An insurer is asking Forrester to help shift its divisional planning conversations from lists of projects toward a high-performance IT view of initiatives across enabling, cocreating, amplifying, and transforming categories, making it easier for executives to see balance and trade-offs. A global energy company wants external input for a leadership workshop that spans strategic governance, business case excellence, and value cocreation across more than 5,000 projects, less than half of which currently have business cases; the goal is to frame decisions in terms of alignment, adaptivity, and trust rather than volume of activity.

Carry These CIO Lessons Into Your Next Move

These four themes (core modernization, data and AI foundations, operating model evolution, and board-level storytelling) form a coherent transformation agenda. CIOs who treat them as connected investments rather than separate workstreams tend to make faster progress.