Logo
Become a Client

Generative and agentic AI have begun to completely transform how enterprise applications are designed, delivered, and engaged with by users.  

AI assistants that work reactively and cooperatively with humans to provide productivity and efficiency gains, as well as AI advisors that provide enhanced insights and recommendations to organizations, have both quickly become must-haves in modern software.   

AI is helping to transform software solutions that have historically been passive tools, into active decision-making partners, through advancements in machine learning, natural language processing, LLM development, and widespread generative AI advancements.

IDC estimates more than 50% of the enterprise application market is already AI assistant or AI advisor-enhanced, with most software solutions now offering at least some level of these embedded capabilities.  Beyond this, approximately 20% of the market is also now further supplementing their applications with complete AI agents. 

These agents are independently perceiving, evaluating, and acting upon data, helping to move organizations toward more integrated and autonomous work practices.

The Agentic Shift

While AI assistants and advisors rule the day, AI agents are going to win the race, and we are only a few short years away from this pivot occurring.  Over the next 3-4 years, generative and agentic AI advancements will help push enterprise applications to a state where most offerings available will be significantly enhanced and augmented by agent-driven capabilities. Agent-driven interfaces will become more dominant, and reliance on traditional interface and UI design will begin to fade.  This will result in slowing development of AI assistants and advisors, and a more prominent focus on text prompt and voice-based user engagement.

This evolution in software will ultimately result in most enterprise applications evolving to become agent-led, where agents replace entire functional areas within the application.  For example, within supply chain management (SCM), we will see an agent for all inventory management responsibilities, another agent for logistics, and so on, and the traditional interfaces in enterprise software that we have grown accustomed to over the last two to three decades will become less frequently used.  

Eventually, we foresee agents taking the next logical step and replacing entire applications, with this phase likely starting to ramp up more significantly by the early 2030s.  For instance, we will see companies enlisting an SCM agent, or possibly an entire fleet of SCM agents, instead of traditional SCM software.  The same will occur in other functional markets, such as a CRM agent/agent-fleet, HCM agents, EAM agents, finance agents, etc.  

In IDC’s recent Future Enterprise Resiliency & Spending (FERS) Survey, which polled nearly 900 companies during February 2025 about the impact they expect AI agents will have on their enterprise app investments, more than 80% of companies said they believe “AI agents are the new enterprise apps, triggering reconsidering of our investments in packaged apps”.

Vendors Must Keep Pace to Remain Relevant

With this agentic shift looming on the horizon, it is extremely important that software vendors pay close attention and keep pace to ensure that they remain relevant and competitive.  Traditional barriers to entry into enterprise application markets will be increasingly challenged by a new era of software solutions that are designed as agents and are quicker, easier, more effective, and more intuitive to use than conventional software. 

Dozens of agentic startups will aim to compete and win market share from traditional software vendors, and “agents as apps” will open the door for a new generation of enterprise application competition.  Likewise, platform vendors will look to overlay agent capabilities on top of, and across applications, as they too try competing further up the stack.  Results from IDC’s FERS survey further support this notion, with 83% of companies stating they believe “AI agents create a new intelligence layer over apps, eliminating barriers to switching between suppliers”, and 76% of companies confirming that “AI agents mean we are more likely to consolidate our enterprise app suppliers”.

Now is the time when today’s incumbent enterprise software vendors should already be planning for this agentic shift, formulating a product roadmap transformation strategy and timeline that will keep pace and proactively protect their portfolio and market share over the next 5-10 years. 

To help software vendors envision this journey more clearly, including its expected timing and the steps through which applications are set to evolve, IDC has published its framework for the agentic evolution of enterprise applications, which is shown in the figure below.  The diagram shows both the phases through which we expect software to evolve, as well as our estimated distribution of adoption timeline This illustrates how quickly enterprise software is currently expected to make this agentic pivot.

Where does your organization currently fall on this journey? Have you already designed your product roadmap to become agent-led? Have you evaluated your competitive differentiation to ensure its sustainable and defendable throughout this agentic pivot?  Let us know, we would love to hear from you!

Contact Us

Eric Newmark - Group Vice President/General Manager - IDC

Analyst Profile
Eric Newmark is Group Vice President & General Manager of IDC's SaaS, Enterprise Software, and Worldwide Services Division, which includes several teams of analysts covering Software-as-a-Service, 18 enterprise application markets, industry cloud, software monetization, business platforms and marketplaces, and professional services firms focused on outsourcing services, engineering services, and global services, markets, and trends. Eric also leads or co-leads three of IDC's cloud data products, including Industry CloudPath, SaaSPath, and Industry AI Path, which collectively provide global intelligence and benchmark information on the cloud, SaaS, and AI markets, across 30 industries. These programs provide strategic guidance and advisory services to both technology providers and industrial companies on technology adoption, maturity, deployment models, best practices, vendor ratings, purchasing preferences, and buyer journeys.

Observability is rapidly evolving as organizations across Europe embrace digital transformation, cloud adoption, and AI. As IT environments become more complex, traditional monitoring approaches are no longer sufficient.

The future of observability in Europe will be shaped by advancements in AI-driven analytics, regulatory requirements, sustainability goals, and the increasing need for proactive system intelligence. This shift will impact enterprises, public sector organizations, and technology vendors as they strive to optimize performance, enhance security, and control costs.

IDC’s MarketScape: European Observability Market 2025 Vendor Assessment evaluates the major players based on their observability portfolios, solutions, and go-to-market strategies. Key trends highlighted in this document include:

1. AI’s Role in the Observability Space

AI/ML will redefine observability in Europe by enabling automated anomaly detection, predictive analytics, and intelligent remediation. AI-driven observability platforms will help organizations move from reactive to proactive monitoring, identifying potential issues before they cause business disruptions.

One key development is AI-powered incident response, which correlates vast amounts of telemetry data (logs, metrics, traces) to detect patterns and surface actionable insights. This will reduce mean time to resolution (MTTR) and enhance IT efficiency. GenAI will assist IT teams by summarizing alerts, suggesting fixes, and automating routine tasks.

With the increasing adoption of AI observability tools, European enterprises will focus on data quality and contextualization to ensure accurate AI-driven decision-making.

2. European Regulations

Europe has some of the world’s most stringent data privacy and cybersecurity regulations and these will significantly influence the future of observability. Organizations must ensure that observability platforms align with regulations like the GDPR, the NIS2 Directive, the EU’s AI Act, DORA, and the CSRD.

These regulations will drive data sovereignty initiatives, pushing European businesses toward in-region observability solutions that ensure compliance with local data residency laws. Vendors will need to offer localized cloud services, on-premises deployment options, and sovereign cloud observability solutions.

3. The Value of Observability in Meeting Sustainability Goals

As sustainability becomes a top priority, European organizations will increasingly integrate GreenOps principles into their observability strategies. The focus will be on energy-efficient infrastructure monitoring, carbon footprint analytics, and sustainable FinOps.

Governments and enterprises will require sustainability observability dashboards to comply with the EU’s CSRD and ensure transparency in emissions tracking. Cloud providers and observability vendors will respond by embedding carbon intelligence features into their platforms.

4. The Rise of Open Observability Standards

To improve interoperability and avoid vendor lock-in, European organizations are embracing open source observability frameworks such as OpenTelemetry and Prometheus. These standards enable unified data collection across hybrid and multicloud environments, ensuring greater flexibility and cost efficiency.

As European enterprises prioritize vendor-agnostic observability, the market will see increased adoption of self-hosted and open source observability solutions, particularly among companies concerned about data sovereignty and compliance.

5. Security and Cyber-Resilience

With the rise of sophisticated cyberthreats, observability is becoming a key component of security operations. Security observability will integrate with SIEM and detection and response platforms, enabling real-time threat detection and automated incident response. Future observability solutions will focus on zero trust observability and AI-powered threat intelligence.

Conclusion

Observability in Europe will be driven by AI, regulatory compliance, sustainability, open source adoption, and enhanced security measures. Organizations will increasingly adopt intelligent observability platforms that provide end-to-end visibility across complex IT ecosystems, helping them optimize performance, mitigate risks, and achieve compliance. As these trends accelerate, European enterprises must invest in cutting-edge observability solutions to stay competitive in an evolving digital landscape.

Reach out to Filippo Vanara to learn more about how IDC can help you on your observability journey in Europe.

For more information about the upcoming EU regulations (specially regarding AI and ESG) and learning how to navigate these changes, adapt to new standards, and leverage Europe’s unique approach to digital governance as a competitive advantage, register for our webcast here: Simplifying EU Digital Regulations: Opportunities in ESG and AI

Filippo Vanara - Senior Research Analyst, European CloudOps, IDC - IDC

Analyst Profile
Filippo Vanara co-leads and contributes to IDC's European CloudOps and Cloud Governance and Europe, Middle East, and Africa Sustainable Strategies and Technologies research programs. He also contributes to associated consulting projects. FinOps and sustainable operations (GreenOps) are, among others, key research areas in his research agenda. Joined IDC in 2019 and London-based, he is part of the European cloud practice, but he previously covered other key technologies such as the Internet of Things (IoT) and edge computing.

The EU’s Corporate Sustainability Reporting Directive (CSRD) aims to revolutionize corporate reporting via the transparent environmental, social, and governance (ESG) reporting of key performance indicators (KPIs), strategies, and monitoring. The CSRD’s impact has been substantial, with around two-thirds of EMEA companies reporting in accordance with the 2028 compliance deadline.

CSRD reporting standards — including more than 1,000 data points consolidated for certain industries — has elevated ESG data architectures to a new high and become an unspoken benchmark for ESG reporting globally.

Omnibus Simplification Package Creates Regulatory Uncertainty

In February 2025, the EU’s Omnibus Simplification Package was introduced, driven by the EU Competitiveness Compass, which aims to simplify sustainability reporting and reduce the administrative burdens on business and promote competitiveness. It presents far-reaching changes to the CSRD and other EU ESG regulations (e.g., the EU taxonomy, CSDDD, and CBAM). Key elements of the proposal include:

  • The number of companies mandated to report is reduced by 80% by increasing company size to >1,000 employees.
  • Small and medium-sized businesses are exempt from reporting but can adopt voluntary reporting standards (VSME).
  • Within the ESRS, fewer and more simplified datapoints (KPIs) have to be reported and some will become voluntary.
  • There will be no (mandatory) sector-specific ESRSs.
  • Implementation of CSRD for the second wave of companies (large EU-based companies) is postponed for two years.
  • The requirement for reasonable assurance is removed (only limited assurance required).

The proposal is under debate in the European Parliament and the European Council. A finalization — and thereby clarity for businesses — cannot be expected for several months.

At the same time, banks and other investors still require sustainability metrics for lending decisions and/or fund allocation to achieve their ESG targets and risk management. Consequently, even companies potentially now exempt from CSRD will face indirect ESG disclosure pressure, leading to a two-tier ESG reporting ecosystem: those who report for compliance and those who report for investors.

Finally, there is a small but growing number of companies that actually perceive sustainability (and ESG reporting) as a benefit, potential business growth driver and, thus, competitive advantage.

CSRD Maturity is Still Limited in EMEA

Our new research on the CSRD readiness of European businesses has shown that ESG regulation (and CSRD in particular) is still often perceived as a cost burden, as it requires additional resources, new skills, changes in data architecture and management, new technologies to be implemented — and a new level of collaboration across silos within the business and partner ecosystem.

CSRD maturity is still limited among European businesses. Only one in five EMEA businesses is in the mature stages of CSRD readiness, currently publishing or finalizing their first-ever CSRD report. They have invested substantially in human and technology resources to hit the crucial milestone and are looking to leverage the CSRD data, processes, and expertise to further generate value for the business.

Our CSRD Readiness Report reveals that CSRD-mature organizations consider ESG/sustainability practices pivotal for fostering innovations that improve business resilience and customer satisfaction. They rely extensively on the support of external service and technology providers, particularly to develop CSRD/ESG reporting strategies, implement ESG data management platforms, and leverage AI/GenAI.

This creates ample opportunities for business service providers and technology vendors. But it is essential to understand market segment maturity levels as well as differences in challenges and requirements (e.g., by geography, industry, company size) so as to adequately adapt solution design and go-to-market strategies.

Sustainability Initiatives Generate Business Value for EMEA Companies

On a positive note, our research results illustrate that becoming more sustainable is clearly perceived as being increasingly important for enterprise value creation. A significant number of European companies are seeing real business benefits generated by sustainability initiatives.

What business outcomes were achieved or are expected to be achieved within 1-2 years by your organization’s current or planned sustainability initiatives?

As shown in Figure 2, nearly half of EMEA companies see competitive advantages and innovation, and nearly 40% realized revenue and profit growth.

Interestingly, it is precisely these topics, innovation and growth, that European CEOs list at the top of their agenda for 2025 (as found in IDC’s February 2025 CEO Perspective on Technology Survey). So it comes as no surprise that investment in ESG/sustainability technologies remains among the top 3 technology investment priorities of European CEOs in 2025.

For technology and service providers, this implies that offerings increasingly need to focus on showcasing how sustainability solutions are geared toward these aspects. In particular, it will be critical to illustrate how CSRD reporting initiatives help to foster innovation and growth.

If you want to know more about our Sustainability research, visit our website here.

Katharina Grimme - Associate VP, Research and Practice Lead, EMEA Sustainable Strategies and Technologies - IDC

Analyst Profile
Katharina Grimme has more than 20 years' experience as an industry analyst and strategy consultant in the tech industry and is leading is leading IDC's Sustainability research in EMEA. With her expertise and passion for sustainable concepts for business, society, and digitization, she drives thought leadership at the intersection of sustainability and digital transformation.

Shadow IT, or black IT, is a reality in most organizations today. The concept refers to technology solutions — software, services, and infrastructure — procured and implemented by business units without formal approval or oversight from the IT team and fueled by decentralized technology budgets and the proliferation of cloud services. While shadow IT presents significant risks, it can also drive innovation.

For CIOs, the question shouldn’t be about whether to eliminate shadow IT but how to harness its potential while mitigating its dangers.

At its core, shadow IT arises from frustration. Business teams focus on speed and results, often perceiving IT as an obstacle rather than an enabler. In some cases, this frustration is justified — IT inefficiencies can slow progress. However, organizations that prioritize maximizing the value of existing technology over continuous innovation may inadvertently drive business units to seek their own solutions.

There are organizations that go to great lengths to eliminate shadow IT. Often this is through policy and stringent financial controls that make it almost impossible to procure anything that looks technology related. The cost of policing these restrictions can be high, both in terms of effort and potentially in terms of lack of business agility.

The 5 Key Risks of Shadow IT

While overreach in policing shadow IT can be problematic, letting it run rampant is ill-advised, as it carries five negative implications for organizations. CIOs need to be aware of these risks:

  • Increased costs: Procurement handled at the business unit or team level rarely benefits from volume discounts or enterprise agreements. Without IT oversight, organizations miss cost-saving opportunities through standardization and economies of scale.
  • Security and compliance risks: Teams focused on immediate needs often overlook security and regulatory requirements. Unvetted solutions introduce data privacy risks, non-compliance with industry standards, and potential cybersecurity vulnerabilities.
  • Redundant and incompatible systems or data: Multiple teams purchasing similar but non-integrated solutions leads to fragmentation: data silos, duplicated efforts, and inefficiencies that hinder long-term digital transformation strategies.
  • Vendor manipulation and lock-in: Non-IT professionals negotiating directly with technology vendors might not ask the right questions about scalability, integration, or long-term costs. This can result in poor contract terms, hidden fees, and vendor lock-in.
  • Wasted time and effort: Each meeting with suppliers to discuss the same questions that others in the organisation have discussed is wasteful. Each hour spent on implementing a system that already has an implemented alternative is wasteful.

Shadow IT: A Sign of IT Failure or a Form of Business Agility?

Despite its risks, shadow IT is not necessarily a sign of failure. Uncontrolled shadow IT can indicate dissatisfaction with IT’s responsiveness, but it also signals business units’ willingness to innovate. The real issue is not the existence of shadow IT but whether it is being leveraged constructively.

Organizations that take an overly rigid stance — blocking all non-standard technology purchases — often end up stifling innovation. A CIO’s role is not just to prevent risk but to create an environment where business-led innovation can thrive without compromising security, compliance, or efficiency.

In fact, shadow IT can be an exceptionally effective source of innovation. It can be an asset when professionally managed. And business teams often procure solutions that directly address their pain points.

So, how can IT leaders embrace shadow IT without losing control?

Three Strategies to Harness Shadow IT

In my experience as advisor to CIOs, I have helped implement three methods that work well to satisfy business units’ thirst for agility in a controlled way.

Implement an IT-Approved “Solution Finder”

Think of it as an internal IT marketplace — a curated list of approved SaaS solutions, third-party tools, and integration-friendly alternatives. This provides business units with a faster, sanctioned route to solving their problems while ensuring security, compliance, and cost efficiency. Encourage collaboration between IT and business teams by allowing teams suggest technology that would otherwise become shadow IT.

Create a Protected Budget for User-Driven Innovation

Allow business teams to pledge partial funding from their budget toward team-defined technology investments. IT can aggregate these requests and match these pledges with a dedicated innovation fund, ensuring proper vetting while enabling efficient business-led experimentation.

Introduce a “DARC Tax” on Risky Shadow IT

If teams invest in what I like to call DARC (dangerous, awfully conceived, redundant, or costly) solutions, they should face financial consequences. A budget penalty on non-compliant purchases encourages better decision-making and incentivizes teams to engage IT earlier in the process. It can also be used to remedy the issues caused and even to fund user-driven innovation. As for how to enable a mechanism that roots out non-compliance and applies a penalty, charge-back methods can work quite easily. For instance, business units that are running old software are sometimes charged a premium against their P&L, as incentive to upgrade. Similar penalties could be applied to DARC software.

Partnering with LOBs

IDC believes that partnering with lines of business to regulate and leverage shadow IT is the only viable solution to a problem that is getting worse year by year. IDC’s Moving from Shadow IT to IT-Business Joint Ventures report gives actionable advice for CIOs and can be implemented with assistance from the IDC Executive Advisory service.

The Bottom Line for CIOs

Completely eliminating shadow IT is neither feasible nor desirable. Instead of fighting it, CIOs should channel it, turning unsanctioned technology adoption into a structured, business-aligned innovation strategy.

By offering guidance, funding, and guardrails, IT can support business agility while reducing security, compliance, and cost risks.

Shadow IT is not the enemy — it is an opportunity. The question is: Will your IT organization embrace it strategically, or continue to resist the inevitable?

As self-service tools, low-code platforms, and “citizen developers” gain traction, IT organizations must shift toward the role of enabler, not gatekeeper. The future of IT leadership lies not in control, but in collaboration.

Learn More

Marc Dowd - Principal, Client Advisory - Research and Consulting - IDC

Analyst Profile
Marc Dowd is the principal for IDC’s European client advisory practice. Dowd has over 25 years of experience working with the leaders of corporate IT across a wide range of industries. This includes 9 years as principal for EMEA advising CIOs of large international companies and government bodies for Forrester Research. Recently he has been focusing on Digital Transformation (DX) and the use of emerging technology such as AI, IoT and blockchain to develop new business models and business capabilities. His experience enables him to provide CIOs and strategic business planners within organisations who use technology, with market and customer insight, analysis, tactical advice, forecasting and technology trend intelligence to senior management teams at local, regional and worldwide levels.

Employees are often highlighted as the first line of enterprise cybersecurity defense. But who – and what — safeguards our households as we become more connected and digital plays an ever-greater role in our personal and civic existence?

Consumer digital life protection (CDLP) solutions seek to provide the security and privacy controls that households need for their identities, devices, home networks, and digital transactions and interactions. These tools include everything from antivirus and password managers to VPNs and secure home networks.
However, with no security or IT department to advise or support them, are European consumers making the right choices about which technologies to adopt — and do they feel confident about deploying them?

IDC’s 2025 CDLP Survey, which included respondents from the three major European markets of the U.K., France, and Germany, provides insights into the home security goals and challenges of European households.

A Tormented Target Market

The research found that almost half of European consumers lack confidence in selecting the right CDLP solutions. Many simply don’t know what they need — and those that do know find it difficult to choose between the different offerings of different providers. Almost one-quarter of consumers say that CDLP solutions are too difficult to use. Finally, many are concerned about additional costs in their household budgets.In fact, affordability and ease of use are cited as the top priorities for European consumers when it comes to choosing CDLP solutions. Despite that, potentially advantageous bundled offerings are not so attractive. This suggests that vendors could do more to optimize such bundles and educate prospects on the benefits of a comprehensive package.

What would such packages need to deliver? The most common consumer complaints are forgotten passwords/password resets, but these are not the only challenge. Others include deteriorating PC performance, lost devices, virus infections, online scams, or simply becoming uncomfortable with the level of personalization in online ads and websites. Many users have suffered one or more of these incidents.

Accordingly, the top priorities for CDLP measures center on protecting PCs from viruses and malware and safeguarding ecommerce and ebanking transactions. Maintaining unique and complex passwords for each account and blocking access to phishing and sites that host malware are also very important.

Trusted Providers

When it comes to who consumers trust the most to meet their CDLP requirements, security technology vendors are the clear top choice, cited by one-third of respondents. Device or software vendors follow, mentioned in just over one-quarter of the interviews.

In terms of technologies, consumers are most willing to pay for VPN, secure home networks, and antivirus. For any given CDLP technology, between one-third and one-half of consumers opt for a free solution.

Spreading the Word

Reaching the market is also a challenge: Word-of-mouth recommendations from friends and relatives is the most frequent trigger for adoption of CDLP technology. Pre-installing solutions on new devices is also a dependable route to drive adoption.

Conversely, online advertising and news articles seem to have a limited impact. The techie uncle of the family can be as effective at driving purchase decisions as any glossy ad splash. This is a challenging audience to market to.

The European CDLP market surpassed $2.1 billion in 2023 and is projected to expand at a CAGR of 3.7% into 2029. Difficult digital experiences and a rising level of concern about the risk and exposure in consumers’ digital lives can drive adoption of premium CDLP solutions.

Nevertheless, CDLP vendors must improve awareness and understanding of their paid solutions and subscriptions. They may need to rethink their approach: Does the security message need to be simplified? Can the use of the products be more intuitive and automated — even invisible? What is missing in the education? Do consumers understand that if the product is free, they’re the product?

Security technology brands are trusted — and those companies need to find ways to leverage that trust through the word-of-mouth channel more effectively and generate a flywheel effects

The European findings of IDC’s 2025 CDLP Survey are presented in this report. Findings from the complete global survey are available here

Mark Child - Associate Research Director, European Security - IDC

Analyst Profile
Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

In October 2024, our IDC colleague Jennifer Thomson published an excellent presentation,  Value-Driven DevOps and App Engineering in the AI Everywhere Era.
Delivered at IDC’s 2024 DevOps Summit in London, the presentation delves into the future of modern app development and delivery. This future is driven by three key factors: developer experience and productivity, security resilience, and business empowerment.
The future of DevOps is app-centric, focused on user experience, value, and resilience by design. Platform teams play a crucial role in enabling effective app development and management.

The transformation integrates security, finance, and operations into the development process to create a seamless and automated software delivery environment. However, achieving “value-driven DevOps and app engineering” requires breaking down the silos between DevOps, CloudOps, and DataOps and creating smart integrations to meet business needs for speed, security, and cost efficiency.

According to IDC research, delivery excellence is defined by four strategic priorities:

Agility is the core business outcome BUT business agility is most negatively affected by current capabilities in the development processes of organizations.

As an answer to the question: ‘Which of the following areas are most negatively affected by your organization’s current software development and delivery capabilities?’, the following answers were given:

Apparently, many organizations are restricted in their ability to deliver excellence by their own development processes. However, with the rise of AI, things may change fast! A few recent IDC predictions (IDC FutureScape: Worldwide Developer and DevOps 2024 Predictions — European Implications, IDC Doc #EUR151753024) show:

• By 2028, natural language will be the most widely used programming language, creating 55% of net-new applications.
• By 2028, generative AI (GenAI) tools will write 70% of software tests, reducing manual testing and enhancing test coverage, usability, and code quality.
• By 2025, 50% of DevOps teams will use DevSecOps tools leveraging AI to identify security challenges in applications and supply chains.
• By 2026, 40% of new apps will be enhanced by AI, improving experiences and creating new use cases.

Incorporation of AI into the development processes of organizations promises to improve all 4 aspects of delivery excellence: increased speed of delivery, efficiency, quality and productivity, resulting in better business agility, meaning that the organization can respond to market changes faster and is able to provide more value, faster and better to its customers.

This sounds great! However, as management guru Peter Drucker one said:” You can’t control what you don’t measure”. And if you can’t control something, it’s very hard to improve it. This means that measurement of Delivery Speed, Product Quality, Efficiency, Productivity and ultimately Value

delivered, is an important management activity for organizations that are determined to control and to improve their delivery excellence and thus business agility.

As an example, using AI to code faster may result in better productivity, but when this code is not compliant to ISO 25010 or ISO 5055 standards for software quality, significant risk may be introduced into the application, potentially resulting in incidents, unhappy customers, loss of money, rework in the team, resulting ultimately in lower productivity and delivery speed, etc. In this case, measuring productivity and code quality are important to understand the overall performance of the teams, in relation to the quality produced.

IDC Metri, the tech buyer consultancy part of IDC, has years of experience in measuring these aspects on the team level. It offers the ‘Team Performance Optimization’ service to organizations that wish to understand and benchmark their current delivery excellence on team-level, and aggregate this to an organizational level. By benchmarking, it becomes clear which of the teams are high-performing (against industry averages) and which teams can use some help to improve. For many organizations, it would be helpful to create a baseline performance now, so they can see which AI initiatives result in improvement of the metrics, and which don’t.

For more information about measuring, benchmarking and/or optimizing (agile/DevOps) team performance, please contact me at hvanheeringen@idc.com.

Technology is no longer just an enabler – it transforms how organizations function, compete, and deliver value.  Specifically, AI is now fundamentally changing business processes, operations, and experiences, something that presents CIOs with both challenges and opportunities. As a result, the role of the CIO and IT must evolve beyond an enabling function.

Historically focused on operational excellence, CIOs now face a strategic imperative: becoming orchestrators of business value. Leveraging deep technical expertise and proactively acquiring new capabilities, CIOs are expected to effectively harness AI to drive meaningful innovation and measurable business outcomes.

However, many CIOs and IT departments remain too focused on traditional IT and IT-related metrics, limiting their ability to drive broader business outcomes. Closing this gap requires a fundamental shift that was already anticipated as part of digitalization efforts but now intensified by the pressure to deliver value on the AI agenda.

CIOs must evolve from technology stewards to strategic innovators, driving resilient and adaptive organizations. Those who proactively do and align AI with business priorities will shape their organization’s future, those who hesitate risk being left behind. To successfully navigate this evolution, CIOs must address six imperatives. This is what this looks like in practice.

1. Manage Regulatory Complexity and Enforce AI Governance

Rapidly changing AI regulations present major hurdles. In the report IDC FutureScape: Worldwide CIO Agenda 2025 Predictions – Asia/Pacific (Excluding) Japan Implications, IDC predicts that in 2025, 50% of the Asia-based top 1000 (A1000) organizations will struggle with divergent regulatory changes and rapidly evolving compliance standards, challenging their ability to adapt to market conditions and drive AI innovation. CIOs must proactively address these challenges by developing agile compliance frameworks.

Also, 41% of APEJ organizations are focusing on establishing organizational data governance policies for AI/GenAI usage, according to the IDC 2024 CIO Sentiment Survey. We expect this to increase as this regulatory complexity demands organizations to have unified AI governance, and IDC predicts that by 2025, 70% of organizations will be formalizing policies and oversight to address AI risks (e.g., ethical, brand, and PII), aligning AI governance with strategic business goals. CIOs must develop trust-centric AI governance models that align clearly with strategic business objectives. This can help organizations use AI responsibly, maintaining customer trust, while still capturing the benefits of rapid technological innovation.

2. Reduce Technical Debt to Accelerate Innovation

Modernizing IT is the top strategic priority for 37% of CIOs in the Asia/Pacific region, according to the same survey. This is because technical debt creates complexity, slows innovation, and restricts the ability to effectively adopt and scale new technologies like AI. IDC predicts that responding to the drag of technical debt, 40% of CIOs in 2025 will drive enterprise initiatives in high-impact areas to remediate technical debt for competitive advantage. Clearing technical debt – from aging codebases to outdated systems, and inefficient processes – enables organizations to quickly adopt new technologies, reducing barriers to innovation and accelerating AI integration.

CIOs who prioritize tackling technical debt will position their organizations to adopt technology innovations faster, ensuring readiness for more complex AI-driven transformations. This can help boost innovation, improve agility, and increase the return on technology investments.

3. Turn AI Experimentation into Enterprise Value

Although AI adoption has rapidly moved from niche to mainstream, many organizations remain stuck in pilot paralysis, struggling to advance beyond the proof-of-concept (PoC) stage. According to the IDC’s 2024 Future Enterprise Resiliency and Spending (FERS) survey, wave 4, organizations in Asia Pacific conducted an average of 24 GenAI pilots over the past 12 months, but only 3 progressed into production, partly due to the lack of clear direction. In fact, IDC predicts that in 2026, over one-third of organizations will be stuck in the experimental, point-solution phase of AI experimentation, requiring a shift of focus to enterprise use cases to deliver ROI. This stagnation hinders competitiveness, slows growth, and increases exposure to ethical risks and regulatory scrutiny.

CIOs must become orchestrators of business value by effectively partnering with other CxOs to translate unclear ideas into practical AI applications. They should establish an AI Center of Excellence (CoE) to centralize expertise, share best practices, and coordinate cross-functional teams, accelerating AI deployment and ensuring consistency. Additionally, CIOs must lead the creation of a strategic roadmap for responsible AI that maximizes business impact, ensures ethical deployment, and proactively mitigates risks. So, we expect that by 2026, 70% of CIOs will lead the creation of a strategic road map to rapidly implement responsible AI solutions, maximizing benefits while mitigating risks across their operations. CIOs who bridge the gap between innovative AI experimentation and enterprise-wide deployment will help their organizations capture substantial competitive advantages and achieve tangible financial returns.

4. Strengthen Cybersecurity with AI-Driven Defense

Cybersecurity is much more than just an IT issue; it is a strategic business imperative. Yet, CIOs are ultimately responsible for safeguarding their organizations, particularly as threats grow increasingly sophisticated. IDC predicts that in 2026, 50% of CIOs will diversify and broaden security strategies across their organization’s IT and security teams to address new/fast-evolving threats to their technology and supply chain ecosystem. CIOs must actively integrate AI and ML into their cyber-defense systems to protect against advanced threats, both internal and external.

AI-driven cybersecurity can help not only improve threat detection, but also enhance incident response times, potentially reducing risks to operations and reputation. CIOs who effectively leverage AI to protect their IT infrastructure can improve organizational resilience, positioning their organizations as leaders in cybersecurity effectiveness.

5. Embed Sustainability into IT Strategy

Sustainability has become a core business priority and technology investments play a critical role in achieving organizations’ ESG goals. IDC predicts that by 2027, 50% of CIOs will be accountable for embedding sustainability goals into every technology project, measuring outcomes to refine investments and align with environmental objectives. CIOs must actively incorporate environmental considerations into IT investment decisions, embedding clear sustainability metrics into infrastructure development and AI initiatives.

By proactively integrating sustainability into their technology agendas, CIOs are effectively linking technology leadership with broader corporate responsibility. This can help in positioning organizations favorably in the minds of consumers, investors, and regulators, strengthening brand value and competitive differentiation.

6. Close the Digital and AI Skills Gap with Advanced Tools

The rapid adoption of AI technologies exacerbates an already complex problem: the digital skills shortage. To address this over 45% of Asia/Pacific organizations are giving more developer duties to non-IT staff, according to the IDC’s 2024 Asia/Pacific Software Survey. So, IDC predicts that by 2028, 50% of A1000 will adopt cutting-edge tools to close the digital and AI skills gap, easing reliance on specialized talent, boosting the workforce, and bridging the expertise gap for innovation. Organizations will actively leverage automation, AI-driven platforms, and low-code/no-code tools to empower nontechnical employees to create and manage applications. While this expands access to digital solutions, boosting productivity and freeing skilled talent for strategic work, it also introduces the risk of app sprawl, a challenge that must be managed as AI further simplifies app development.

CIOs must ensure the workforce is not only technically skilled but also aligned with business outcomes. Embracing low-code/no-code platforms can democratize technology access, allowing teams to quickly develop customer-facing applications. By leading this shift in skills, CIOs can enhance speed to market, drive business agility and create lasting competitive advantage.

The Path Forward in the AI-Fueled Era

The CIO role is evolving rapidly, with AI at its core. CIOs must move beyond technology facilitation and take the lead in AI governance, cybersecurity, skills development, sustainability, regulatory compliance, and technical debt management. Ultimately, they hold the key to bridging technological opportunities and strategic business outcomes. Those who embrace these responsibilities will not only drive business value but also shape their organizations’ futures, becoming indispensable leaders in the AI-Fueled Organization.

To learn how to integrate AI into your strategy and make 2025 a defining year for your organization, download the IDC eBook Top Predictions and Insights for CIOs in 2025 today!

Read our eBook

Daniel-Zoe Jimenez - Vice President, Digital Innovation, CX & Software, DNB/Start-ups, SMBs, Consumer and Channels Research - IDC

Analyst Profile
Daniel provides strategic advisory services to the C-Suite (CIOs, CTOs, CFOs, CDOs, CMOs, and CHROs) on how to develop and leverage technologies (e.g., AI/Analytics, Cloud, RPA, AR/VR, ERP, CRM) and new business operating models to become more agile, resilient, and competitive. He delivers workshops and strategic engagements for customers across Asia/Pacific such as assessing maturity, identifying gaps, crafting strategies and technology roadmaps, determining ecosystem readiness, business value metrics (KPIs), and skills required to drive future growth and profitability. Also, he provides research and strategic advisory to tech buyers and suppliers into the most emerging technologies and market developments like the Metaverse.

Just when businesses in Asia/Pacific thought they were getting to grips with artificial intelligence-led disruptions in their industries, here comes something new called Agentic AI and its ability to turn generative AI (GenAI) functionality and capabilities into actionable services. In practical terms, Agentic AI is more than just advanced chatbots, this is the next step in the evolution of AI, allowing AI agents to act with increased autonomy.

A simplistic retail example would be, where previously the AI will recommend restaurants based on a user’s preferences, now it can book the restaurant and offer alternatives that match its users’ health and dietary needs (vegan, gluten-free, high protein, etc). From a marketing perspective, this progression in AI utilization has a drastic impact on how businesses promote their goods and services to potential customers. Previously, marketers would target their campaigns directly towards the customers but now the shortlisting and decisions are made by the AI. How does the AI choose the “right” product/service? What changes do marketing teams need to make to incorporate Agentic AI?

Before we try and understand where we are going let’s first come to grips with where we are and look at the current state of marketing in Asia and how marketers are currently using AI. Some of the key goals for marketing in the region today are:

  • Develop a more unified and enterprise-wide marketing strategy: Provide consistent marketing experiences across various touchpoints
  • Personalization as a differentiator: Making marketing campaigns relevant to segments, micro-segments or even individuals based on their personal preferences and characteristics
  • Streamline processes through automation

Asian businesses, particularly those in China, have been relying on AI in all of these areas and some of the more common uses of AI are:

  • Automated content creation (including visual content such as videos and images) for campaigns
  • Predictive analytics to improve overall campaign effectiveness and performance
  • Data analysis and insights into customer behavior trends, gauging public sentiment and achieving a better understanding of the customer journey

More detailed insights of how Chinese firms are using AI in marketing can be found in IDC PeerScape: C2G Peer Insights to Augment Customer Intelligence Using Generative AI.

By leveraging AI, marketers can optimize their marketing campaigns for targeted messaging to a wide range of customer segments across numerous online channels, while controlling distribution frequency to minimize advertising fatigue in a cost-effective method. For example, as shown in the below figure, digital advertising is still the most time-consuming process for marketers.  Actions such as amending and formatting communications for different digital mediums as well as determining which segments to target take a significant amount of time and prolong the time required to launch a campaign – all of which can now be done by GenAI and Agentic AI.

With a better understanding of how marketers in the region are using AI, let’s now look at Agentic AI and what the future holds for marketing.

Agentic AI Will Impact the Marketing Workforce Composition

We will see that with continued use of AI, especially in campaign cost optimization,  impacts marketing workforce composition. Currently, marketers are using AI to take over mundane and repetitive tasks (e.g. formatting images across different social media platforms) which will eventually transition to taking over full-time marketing roles allowing humans to focus on more strategic initiatives. In the IDC FutureScape: Worldwide Chief Marketing Officer 2025 Predictions — Asia/Pacific (Excluding Japan) Implications, IDC lists the top most urgent trends that marketing leaders must pay attention to. One of our predictions on the impact of Agentic AI on workforces states that by 2028, 1 out of 5 marketing roles or functions will be held by an AI worker, shifting human expertise to driving strategy, creativity, ethics and managing a blended human and AI workforce.

Increased Focus on AI Governance by Marketing not IT

There will be a need to supervise and ensure proper performance with Agentic AI taking on more responsibilities. This will require monitoring by the marketing team themselves who know when something goes wrong as opposed to IT who monitor based on code alerts. This will require the marketing team to be trained on AI use, to make them comfortable with the use of AI and understand how it can help rather than replace them so they can truly appreciate the technology and learn  the processes and systems to use in finetuning AI performance or troubleshooting errors when they occur.

Marketing Workflows Will Change

The use of Agentic AI by consumers will force a change in the marketing mindset, creating new processes and areas of focus which will force businesses and marketers to rethink how they operate. As an example, let’s address the question raised earlier in this blog – How does the AI choose the “right” product/service?

When the Internet and search engines grew in popularity, search engine optimization was created to improve the quality and quantity of website traffic. Companies had to rethink how they setup their websites to ensure it was “visible” in rankings to the search engines. In addition to this, many paid to have their websites listed on top of searches. IDC predicts that businesses in Asia will have to work with AI companies and start spending on Large Language Model (LLM) optimization in the same manner so that businesses and their products and services are visible to Agentic AI systems.

By 2029, companies will spend up to 3x more on LLM optimization than search optimization to influence GenAI systems and raise the priority & ranking of their brands.

The AI road ahead has no doubt more bumps and turns and marketers must be willing to meet these changes and challenges head on. Here are a few things marketers can do to prepare for Agentic AI:

  • Build a portfolio of AI case studies and use cases to determine what works best for you. By matching thought leadership initiatives with AI-infused case studies, marketers will be able to develop campaigns that competitively differentiate their companies and products.
  • Work with the technology team to ensure marketing and technology strategies are in sync, especially when it comes to AI-related changes such as in the organization’s client data infrastructure.
  • Build a brain trust to analyze and create new marketing strategies for an AI-everywhere world. This will include looking at changes in human resourcing, the impact of deploying AI agents (internally and externally) and the required communications to ensure key stakeholders understand and accept the new technologies and protocols.

Know how Asia/Pacific marketing organizations are pivoting into an AI world leveraging AI-fueled apps. Download this eBook from IDC.

Read eBook

As Asia/Pacific businesses accelerate their digital transformation journeys, artificial intelligence (AI) is becoming a core innovation enabler. From identity and access management (IAM) to risk-based trust frameworks, AI is reshaping the cybersecurity landscape. However, as AI adoption grows, so do concerns around security, trust, and compliance.  

According to IDC’s Asia/Pacific Security Study, 2024, 76.5% of enterprises in the region say that they are not confident in their organization’s ability to detect and respond to AI-powered attacks. Most are concerned about AI-driven vulnerability scanning by attackers, the rapid exploitation of zero-day vulnerabilities, increasingly personalized and effective social engineering attacks that leverage AI, and AI-powered ransomware attacks with dynamic negotiation and extortion tactics. The risk of AI-driven risk vectors increases in verticals dealing with sensitive and confidential information such as Banking and Financial Services (BFSI) and Healthcare as well as critical infrastructure sectors like energy, transportation, and telecommunications, where disruptions can have widespread consequences. 

With cybersecurity emerging as a central theme across the region, AI-fueled business models must address key challenges:  

  • How can organizations ensure AI systems are secure, transparent, and resilient?  
  • How should regulatory frameworks evolve to accommodate AI-driven cybersecurity?  
  • What steps can businesses take to balance AI innovation with trust?  
  • How can enterprises implement a robust AI governance framework to manage security, compliance, and ethical risks effectively? 

To navigate these challenges, enterprises must address three key areas that impact the secure and responsible deployment of AI: 

1. Integration and Cost Barriers to AI Security Adoption 

Despite its potential, AI-driven security automation struggles with integration issues and high costs. According to IDC FutureScape: Worldwide Security and Trust 2025 Predictions – Asia/Pacific (Excluding Japan) (APJ) Implications, by 2027, only 25% of consumer-facing companies in the region  will use AI-powered IAM (Identity and Access Management) for personalized, secure user experiences due to persistent difficulties with process integration and cost concerns, creating a trust gap in AI authentication and identity protection, particularly in consumer-facing sectors like retail, banking, and e-commerce. 

2. Regulatory Fragmentation Complicates Compliance 

Asia/Pacific’s inconsistent AI regulations make compliance difficult. While Singapore and Australia lead AI governance, India and ASEAN nations lag behind, creating inconsistencies in how businesses implement AI security solutions. China has implemented strict AI laws focused on security assessments and algorithmic transparency, while Japan follows a more flexible, self-regulatory approach emphasizing Responsible AI. One of the most critical shifts in cybersecurity will be the introduction of AI Bills of Materials (AI BoM). By 2028, 70% of data products will include a Data BoM, detailing how data was collected, processed, and consent was obtained. This evidentiary trail will be essential for demonstrating compliance and ensuring AI systems do not operate as black boxes. Alongside, AI governance is mandatory, rather than exploratory. Some nations have demonstrated leadership in already initiating AI governance frameworks – such as Singapore, Australia, India, and Japan – setting the stage for responsible and secure AI adoption across the region. These countries are proactively developing policies and frameworks to ensure AI-driven technologies align with security, compliance, and ethical standards. 

3. Unchecked GenAI Adoption Creates Security and Compliance Risks 

The rapid expansion of GenAI poses major security and governance challenges for enterprises. IDC predicts that in 2025, 20% of organizations in APJ will move from proof-of-concept (POC) to production in specific GenAI use cases without a comprehensive risk-based assessment of their trust capabilities, potentially creating a cybersecurity house-of-cards scenario. Key risks include data leaks, bias in AI models, and regulatory penalties as governments tighten AI security laws. Without proactive governance, enterprises risk non-compliance, reputational damage, and increased exposure to AI-driven threats. 

To mitigate these risks and build trust in AI-powered security, organizations must establish a robust governance framework that ensures transparency, compliance, and operational resilience. This is where IDC’s Unified AI Governance Model comes into play. 

IDC’s Unified AI Governance Model 

IDC’s Unified AI Governance Model is a strategic framework that balances innovation with risk management, ensuring AI deployment aligns with compliance, security, transparency, and ethical standards. It is built on four key pillars: transparency and explainability, security and resilience, compliance and privacy protection, and human-in-the-loop (HITL) governance. 

IDC defines AI governance as a system of laws, policies, frameworks, practices, and processes that enable organizations to manage AI risks while driving business value. Governance must be integrated into strategy rather than treated as a reactive measure. Without it, enterprises face operational inefficiencies, legal exposure, and reputational risks. The model also acknowledges external influences, such as regional regulations, ethical considerations, and societal expectations, which vary significantly across APJ markets. Ensuring that AI governance adapts to these external factors is critical for sustainable and trusted AI adoption. 

IDC’s Unified AI Governance Model provides a structured approach to managing AI security and trust by addressing some key questions such as:  

  • Who is using what data, and where is it stored?  
  • How is personally identifiable information (PII) data protected through encryption or anonymization?  
  • Are AI models being tested against risk controls and compliance requirements?  

Is there a risk assessment framework for GenAI deployments? 

Path Forward: Cybersecurity and AI Governance for Asia/Pacific Businesses 

To foster a secure AI-driven future, businesses must take a proactive approach to cybersecurity and AI governance. Key steps include: 

  1. Embedding AI Bill of Materials (BoM) in Cybersecurity Practices: Developing transparent AI security frameworks that document data provenance, consent mechanisms, and compliance checkpoints. 
  1. Investing in AI-Powered (Identity and Access Management) IAM with Risk-Based Authentication: Incorporating adaptive authentication, behavioral analytics, and risk scoring to strengthen trust in AI-driven security systems, instead of relying solely on AI-driven IAM. 
  1. Conducting Comprehensive Risk Assessments for GenAI Deployments: Establishing robust governance policies to prevent unintended risks when moving from GenAI POC to production. 
  1. Integrating Autonomous AI for IT Operations: By 2027, GenAI and analytics deployments for IT operations use cases will increase team productivity by 15%, generating $1.5 billion in economic and business value. Automated IT service desk responses, anomaly detection, and predictive resource capacity planning will be critical for AI-enabled security frameworks. 
  1. Collaborating with Regional Regulatory Bodies: Actively participating in shaping AI governance discussions, ensuring their cybersecurity policies align with emerging regulatory frameworks. 

Watch Linus Lai, IDC Asia/Pacific Vice President VP for Software and Services, discuss Unblocking the AI Everywhere Blockers in 2025 and AI’s impact on enterprise applications, infrastructure strategies, and governance models in this on-demand webinar

Partner with IDC | CSO to elevate your brand presence at Asia’s leading gathering of CISOs and IT security executives. Position your unique capabilities to become security leaders’ trusted vendor of choice in safeguarding their valuable corporate data in the cloud and in exploring the pivotal role of AI and quantum-proof technologies. Happening across 7 Asia/Pacific cities from April to November 2025, join us at the event to showcase your case studies, success stories, and more! 

Learn More

Sakshi Grover - Senior Research Manager - IDC

Analyst Profile
Sakshi Grover is a senior research manager for IDC Asia/Pacific Cybersecurity Services, supporting its research and client engagement activities across Asia/Pacific markets. Additionally, she serves as the lead security analyst for IDC India. Sakshi is responsible for delivering syndicated custom research and consulting engagements on next-generation emerging and disruptive technologies. Her tasks include developing and socializing IDC's point of view within security services, covering both legacy and modern cybersecurity technologies. Her role involves close collaboration with technology vendors and buyers, developing market insights, and providing research, consulting, and advisory services in the fields of security software and services. This includes partnering on research efforts with relevant country analysts in the local IDC offices. Sakshi's views on security have been quoted in numerous publications, such as the Economic Times, Business Standard, Data Quest, CRN, and others.

The process that tech leaders typically follow to measure digital transformation is antiquated and must change. The reason? They tend to concentrate on IT performance metrics that aren’t tied to business outcomes.

By falling into the trap of focusing on IT-centric performance metrics—such as uptime, system availability, and IT spending — without linking them to broader business outcomes like revenue growth, customer experience, and innovation, tech leaders struggle to justify investments, CIOs lack visibility into true impact, and digital transformation stagnates.

To break free from this outdated approach, IT leaders must rethink how they define and measure the outcomes achieved through digital transformation. 

Designing, planning, initiating, funding, implementing, and continuously driving an organization’s digital transformation are essential tasks, but tech leaders must also continue the momentum for collaboration with technical and business stakeholders. This is done by measuring outcomes to see progress. The CIO plays a critical role here; they must facilitate and lead digital transformation with KPIs that show progress and outcomes.

Here is what we recommend.

Step 1: Shift Your Thinking and Your Team’s Culture from Measuring IT Metrics to Business-Aligned KPIs

Measuring infrastructure uptime, number of deployments, or IT costs in isolation is an obsolete approach as these details will not show the necessary alignment of tech investments with the changes necessary to transform the organization into a digital leadership position. Different approaches to change thinking are to align technology investments with defined digital initiatives that are intended to improve business value such as revenue impact, operational efficiency, and customer satisfaction, just to mention a few.

How do you do that? First, engage your team to define business outcomes. In other words, identify what IT success looks like to business stakeholders. For example, for IT operations, it could be improvements in customer satisfaction, measured by Net Promoter Score and digital experience data. For application design and development, it could be faster time to market for new digital products, measured by speed of product innovation cycles. And for project and portfolio management, it could be the revenue or cost savings directly attributable to digital initiatives.

Why this matters: Traditional IT metrics measure efficiency, but they don’t tell the full story of digital transformation success. Instead, CIOs and tech buyers must demonstrate how technology investments drive real business impact, and that requires a cultural shift to let go of old approaches that measure IT without connection to the business.

Step 2: Build a Digital Transformation Index (DXI)

A digital transformation index (DXI) is a set of key objectives with associated key performance indicators (KPIs) used to evaluate and measure an organization’s progress on the different strategic objectives and goals defined within the digital transformation strategy.

The following are key strategic objectives for making progress in your digital transformation but should be adjusted to your specific digital business strategy.   

  • Development and guidance of the organization through digital strategy and leadership: This objective is specifically focused on ensuring that there is a digital vision and a strategic road map, as well as commitment and support from executive leadership to drive digital initiatives that are part of the organization’s vision and road map. You’d likely want to set measures around certain milestones achieved as well as key ongoing initiatives.
  • Changes in business models to achieve business outcomes: When selecting and creating business model objectives, start thinking about how your organization with its people, processes, and technology diversifies and grows revenue streams, grows shareholder value, manages costs, or improves profitability.
  • Transformation progress to leverage strategic technology assets toward superior customer value: This objective should include measurements in terms of transformations on technological aspects defining value for customers in your respective market. Example metrics could be investments into core and emerging technology; architecture and data; or progress in the adoption of AI, cloud, automation, and security strategies, all for delivering superior customer value.
  • Improvements around organization, culture, and innovation: This objective includes the strategic approach to optimize or reengineer existing processes, for example leveraging   DevSecOps or Agile. Additional pursuits are agility improvements of the overall workforce; upskilling initiatives to improve digital skills development; and collaboration and cross-functional teamwork in pursuing new digital productions, solutions, or services to solve problems of your customers.
  • Operational excellence to scale and accelerate innovation: Operational excellence includes the ability to minimize overhead, reduce costs, and introduce automation optimizations to shift funding toward innovation. The measures could be technical debt removal, intelligent automation while managing cost, security, and agility, all balanced with new technology adoptions accelerating digital innovations.   

Why this matters: Organizations that fail to track holistic digital transformation progress risk making decisions in silos. A DXI with key measurement objectives provides clarity, accountability, and a connected approach to measuring digital transformation success. Some best practices are to track only the most meaningful transformation metrics that align with business goals; set baseline measurements and monitor improvements over time; and align IT, finance, and business units to ensure shared ownership of KPIs.  

Step 3: Make KPIs Actionable for Meaningful Progress

One of the most common mistakes CIOs make is tracking digital transformation progress without taking corrective action. Collecting data is only half of the journey — what matters is using it to drive real-time decision-making. Leveraging real-time dashboards that provide visibility across teams, enabling data-driven course corrections, are a good first step.

Other important tasks are to make sure there is KPI ownership by involving both the business and IT leaders who can drive accountability and alignment, and to safeguard that there are structured review cycles to assess performance, adjust strategies, and ensure digital initiatives stay on track.

Why this matters: Metrics should not exist in a vacuum. CIOs must embed digital transformation measurements into business decision-making, ensuring that KPIs drive agility, adaptability, and impact.

Step 4: Future-Proof Your Measurement Strategy

Digital transformation isn’t static, and, therefore, its objectives must evolve as technology and business need change. It is important to regularly reassess objectives and the associated KPIs to ensure they remain relevant as new technologies, good practices or market changes occur. If possible, initiate benchmarks against industry peers and competitors to identify strengths and gaps.

Why this matters: A rigid approach to measurement can stall innovation. The most successful organizations continuously refine their digital transformation objectives and KPIs, ensuring they remain aligned with changing business priorities or changes in their respective industry.

Now It Is Your Turn to Shift from IT Metrics to Measurable Impact

CIOs and IT leaders have a unique opportunity to redefine how digital transformation is measured. By shifting from IT-centric metrics to business-driven KPIs, organizations can prove the value of technology investments, drive innovation, and maintain competitive advantage. Start by changing your and your team’s thinking toward business outcomes.

Next, define your DXI objectives and relative KPIs for an end-to-end view of how well your organization is driving business growth, improving efficiency, and accelerating customer value. Then, ensure that the DXI KPIs drive real-time decision making and corrective action, with metrics owned by and responsibilities tasked to business stakeholders and IT. Finally, establish a schedule to reassess objectives and KPIs to keep pace with technological and business change.

Learn More