3 lessons that CIOs learned in 2019

By Joe Stangarone | mrc’s Cup of Joe Blog | Jan 16, 2020

Summary: As we start a new year, it helps to reflect on (and learn from) the past year. In this article, we take a look at the past year from an IT leader's perspective. What are the most important lessons that IT leaders and CIOs learned (or should have learned) in 2019? What important takeaways from the last 12 months will help you succeed in the coming year? We answer those questions (and more) in this article.

As we start a new year, I like to take a moment to pause and reflect on the past one. What can we learn from 2019? What important lessons should we carry over into 2020?

In this article, let’s explore those questions from a CIO perspective. What key takeaways can CIOs and IT leaders pull from 2019 that will help them succeed in 2020? While I’m sure the list could be longer, here are a few of the most important lessons from 2019.

IT must focus on user experience and self-service

The IT department used to be the technology gatekeeper. They controlled software, hardware, and data access. If end-users wanted technology, their only path was the IT department.

The problem: User experience often went overlooked with this model. After all, users had no choice but the IT department. Even if IT delivered a poor user experience…what could they do?

These days, that’s changed. Technology is more accessible and easier to use than ever before. If IT delivers a poor user experience, end users can (and often do) find and adopt their own SaaS solutions. On top of that, the low-code/no-code software market has grown steadily over the past few years. End users can easily create solutions that previously would’ve required developers.

In other words, IT is no longer the gatekeeper. Modern IT departments are enablers. Their focus must be on providing the best possible user experience…or risk losing users to third-party solutions.

But it doesn’t stop there. With the rapid growth of simple SaaS solutions and low/no-code development tools, self-service is the future. According to IDC 2020 predictions, “By 2024, 80% of digitally advanced organizations will replace the walled garden, IT-as-an-enabler model with a self-service model.” In other words, the IT department will be responsible for providing users with the tools needed to create their own solutions.

The goal for CIOs and IT leaders: Balance governance with self-service. Give users the self-service options they need to create or access their own solutions, while keeping control of data and user access.

“IT can no longer be all about point solutions and ensuring governance, compliance and ticket velocity – it must connect to broader business objectives, as the need to recruit and retain top talent becomes more imperative,” says Tim Christensen, Chief Technology Officer at SocialChorus. “As the workforce continues to evolve and organizations shift toward the digital workplace, IT will increasingly focus on employee adoption, usage and the end-user experience, delivering technology and strategies that meet employee demands and rising expectations. That means everything from more automated processes to mobile-first platforms so employees can work faster, smarter and better, wherever they may be. In the coming year, we will see more technology-focused initiatives aimed at supporting a culture of transparency and collaboration and driving organizational alignment, all of which are central to improving the employee experience.”

Ransomware isn’t going anywhere

Ransomware attacks against businesses are on the rise. In case you’re unfamiliar with the concept, ransomware is malware that holds your files ransom. The attacker encrypts your files and forces you to pay a ransom to restore access.

In 2019, ransomware exploded. Experts predict that it will grow even more in 2020. Why the rapid growth? It’s lucrative. A recent survey found that 70% of enterprise ransomware victims paid the ransom. Attackers have realized that most businesses would rather pay the ransom than risk losing their files.

In 2020, CIOs and IT leaders must make ransomware defense a top priority. It’s not a matter of “if” you’ll be hit with ransomware. It’s a matter of “when”.

“In the cloud, 2019 was the Year of Ransomware,” says Adam Stern, founder and CEO of Infinitely Virtual. “Of cyberattacks on steroids. Of massive distributed Denial of Service (DDoS) incursions that robbed businesses of untold time and resources, even if those businesses didn’t pay a dime to the perpetrators. Per a new AT&T study, fully a third of American businesses – including 50 to 80 percent of small and midsize businesses – were hit with ransomware during the last 12 months. And there’s no sign of this trend abating.

Bad actors – let’s call them what they are: criminal and terrorist organizations — were not expressly out to disrupt data streams, make off with intellectual property, sabotage IT-dependent systems and processes, etc. Those outcomes may indeed have occurred, but they were incidental to Job #1: stealing money. The very notion of shaking down an organization for ransom would have been unthinkable a decade ago. Now, it has spawned a sub-industry of tech firms committed to disrupting the disruptors – itself often a losing proposition.”

Data privacy is a priority for all organizations regardless of size and industry

In the recent past, the internet felt like the wild west when it came to data privacy. Personal information submitted to one company was then sold to other companies. Data breaches often went unreported. You had no idea who had your personal data, or how much of it they had.

Now, privacy laws are catching up to the internet, with GDPR being the first of its kind. Most recently, the California Consumer Privacy Act (CCPA) went into effect in 2020. We can expect other states and countries to follow suit, as buzz around data privacy grows.

What does this mean for the modern business? If you collect personally identifiable information from customers or prospects, data security is critically important. If that data gets leaked or compromised, you’re subject to massive fines. How big? Last year, British Airways was fined $228 million and Marriott was fined $124 million for data leaks. As explained below, data privacy is something that no business can ignore in 2020.

“As privacy standards become stricter and new laws appear, IT leaders have to be sure that they know what data their organizations store and how it is used,” says Ilia Sotnikov, Vice President of Product Management at Netwrix. “They also have to prove that they have consent for storing customer data and can secure it if necessary. Otherwise, organizations will be subject to fines, and the statistics related to GDPR fines show that an organization doesn’t have to be huge like Marriott or British Airways to suffer the penalties, as smaller companies are equally vulnerable. IT leaders have to involve legal departments to make sure they know exactly which privacy regulations they are subject to and what steps they need to take to meet the requirements of these standards.”


These are just a few lessons that CIOs can take away from 2019, but the list could be much longer. Would you add anything to this list? Feel free to comment below!
