“Things that matter most must never be at the mercy of things which matter least”- Goethe.
While writing this blog post, I revisited my previous blog titled, “Three Key Priorities for Governance Practitioners in 2022,” published by ISACA in December 2021, to review how things have changed in the ever-accelerating a digitization of businesses. This includes newer and innovative models of service delivery, higher convergence of knowledge and increasing demand for cybersecurity skills in the face of evolving cyber threats, key technological evolutions – including rapid growth of AI models and its usage – and the seemingly quicker likelihood of quantum computing’s emergence, to name a few notable developments.
Things have undoubtedly become more dynamic and complex, and it is not at all an easy task to arrive at the top governance priorities for 2025. Governance professionals will be grappling with multiple demanding tasks, finding it almost impossible to distinguish between urgent and important ones. Nevertheless, an attempt has been made below to prescribe five top priorities that will offer perspective for the current context and environment:
Priority #1: Aggressive and Persuasive Cybersecurity Leadership
Cybersecurity retains the first place as it was in my earlier blog. Cybersecurity has become more complex to handle as emerging technologies are increasingly put to nefarious use by hackers and criminals. The widespread availability of AI and machine learning tools will not only help in the spread of malware and other attacks, but also in the number of disinformation incidents targeting enterprises, causing lasting reputational damage to organizations.
By 2028, Gartner predicts that 50% of enterprises will begin using products, services or features designed specifically to address disinformation security use cases. Another looming threat is the anticipated emergence of quantum computing within this decade. It will necessitate the use of post-quantum cryptography, as the existing cryptographical methods cannot be used. Due to this, Gartner predicts that by 2029, most conventional asymmetric cryptography will be unsafe to use. World-wide spending on information security is projected to be $212 billion in 2025, an increase of 15.1% from 2024, and by 2027, 17% of cyberattacks will involve Generative AI, according to a forecast from Gartner.
Therefore, cybersecurity is the first priority for governance professionals to survive, grow and retain the market leadership of their organizations. In addition to the existing array of cybersecurity governance measures, it is suggested to adopt a DevSecOps approach and NIST’s guidance on zero-trust architecture as good practices.
Priority #2: Strategic Technology Management
Business and technology have become so intertwined that they are no longer separable. Therefore, any business strategy will entail the strategic use of digital transformation. Digital transformation often involves the use of emerging technologies for achieving business outcomes, such as enhancing customer experience, revenue generation and profitability, though it has a wider connotation, involving effective collaboration, change management, developing digital talent, constant innovation and experimentation.
In the current face-paced environment, digital transformation is no longer optional, but it is the way forward. An MIT Sloan Management review reports that companies with strong digital leadership achieves 26% higher profitability and McKinsey & Company estimates that digital transformation can unlock up to 25% of enterprise value. Therefore, this must be one of the key priorities for governance professionals for 2025.
Priority #3: IT Governance
Information technology governance falls within overarching corporate governance and focuses on aligning IT strategies with business objectives and regulatory requirements, managing IT risks and ensuring that IT resources are used wisely and responsibly. The five domains of IT governance are value delivery, strategic alignment, performance management, resource management and risk management. Governance professionals, through the exercise of these domains, optimize their use of technology and ensure that technology investments effectively support the enterprise’s strategic objectives.
In July 2024, CrowdStrike, a leading cybersecurity firm, released a faulty update for its Falcon sensor software, which triggered widespread system crashes and disrupted business operations of major tech giants, air travel, banking and retail companies. This incident underscores the delicate balance in IT between rapid security updates and system stability, as well as the importance of IT governance.
Gartner predicts that by 2025, 85% of CIOs will be explicitly measured on their ability to contribute to revenue growth. Performance management involves driving operational efficiency and cost optimization. IDC forecasts that worldwide spending on public cloud services will reach $1.35 trillion in 2027 and businesses will save annually $1 trillion on an average by 2025 by adopting cloud computing services. These data points validate that IT governance needs to be prioritized.
Priority #4: Data Governance
Data governance includes data quality, data security, privacy and usability. By 2025, the estimated amount of data created, stored, copied and consumed worldwide is estimated to reach 181 zettabytes. This explosion of data, along with relevant regulations like GDPR and CCPA, underscores the importance of trustworthy data management practices.
Harvard Business Review reports that data-driven companies are 23 times more likely to outperform their peers and McKinsey Global Institute estimates that data-driven decision-making can unlock up to $10 trillion in annual value by 2025. Thus, fostering a data-driven culture and data-based decision-making must be an important agenda for governance practitioners in 2025.
Priority #5: Talent Management and Managing Skills Gap
In today’s fast-paced and highly competitive business environment, recruiting key talent resources and ensuring their retention is of paramount importance for governance professionals. Attracting talent is no longer an HR-isolated function; agile practices emphasizes the need for multi-skilled teams. Therefore, it also falls under the priority list of governance practitioners.
Narayana Murthy, a billionaire Indian businessman and co-founder of Infosys, famously remarked, “Our assets walk out of the door each evening. We have to make sure that they come back the next morning,” underscoring the importance he placed on human resources.
Author’s note:The opinions expressed are of the author’s own views and does not represent that of the organization or of the certification bodies he is affiliated to.
