CIOs went into COVID-19 lockdown thinking it would only last a few weeks — this became clear during many of the conversations I had with CIOs over the last year. These CIOs quickly learned that the crisis would take much longer time to pass. According to CIO David Seidl, "We learned that our response plans were for days or weeks rather than a year or longer." Clearly, we are only now potentially seeing our way out of the crisis.

While CIOs did not immediately understand how long the crisis would last, without question, they and their teams did establish the basis for surviving it. And given the experience of the last 18 months, they see further changes coming in terms of continuous improvement and hybrid work. With all this, how will they now consider risk moving forward? In other words, what were their key learnings?

Technical Impact

COVID-19 showed the rest of the organization not only the value of IT, but that historical IT investments paid off. According to CIO Paige Francis, "COVID-19 taught our organizations what many CIOs already knew, technology is everything. As well, it showed that IT risk is not your standard business risk. And it’s a top priority now." IT risk plans proved to be well-founded, according to CTO Stephen diFilipo. He said nothing new was discovered in terms of IT risk as a result of COVID-19. CIOs learned many lessons, however, in other aspects of technology leadership. “But risk? nah!”

Keeping the Business Running Effectively

COVID-19 demonstrated the need for continual improvement, including for IT systems. Without this, the enterprise would have been brought down. "We certainly found our gaps and fast!” said Francis. From a disaster recovery and business continuity perspective, she continued, in many cases “we are going to need a bigger boat.”

The good news, saidSeidl, was "the value of planning, analyzing, and ensuring strategic responses were demonstrated repeatedly. At the same time, people care was intensely important, and will continue to be." Winston Churchill is credited with saying "never let a good crisis go to waste." It's an attitude CIO Carrie Shumaker shared when she said, "on the positive side, the pandemic year tested IT resilience and overall, we showed strength. Our entire IT staff was in quarantine for two weeks starting on March 10 and we were able to shift to remote support and pivot the university to remote. I would not have been able to model this outcome." CIO Milos Topic agreed, arguing that, "other than there’s more access to data from a wider array of distributed locations, not much has changed from my vantage point. How others see it has changed as we now matter more than ever, which was long overdue."

Related Article: CIOs Reimagine the Workplace of the Not-So-Far-Off Future

Learning Opportunities

CIOs Shifted Gears

Francis says, “CIOs appeared to the outside during the crisis to be almost superhuman, but we were simply shifting to a higher gear.” CIO Martin Davis agreed, saying, “COVID-19 has helped companies realize they were very dependent on technology to work wherever people are and the importance of properly planning for risk, and the real cost if you are not prepared for a crisis.”

Data Security Moves to Center Stage 

The crisis exposed potential areas of risk, with security being one of the top three. Moats and firewalls no longer work when everyone is a remote worker. According to CIO Pedro Martinez Puig, "COVID-19 changed the consideration of the IT risk beyond the usual perimeter protection vantage, to a Zero Trust mindset. It changed us from guarding the castle to securing the continuous flow in a crowded airport." Data security needs to move to the intelligence stage. As Michelle Dennedy describes it in "The Privacy Engineer's Manifesto," data security in this case becomes "far more person and data-centric rather than tool-centric."

Related Article: Data Security in a COVID-19 World: What to Do When You're Pushed Into the Cloud

A Better Understanding of Risk

CIO Melissa Woo's statement rang true for me during this CIOChat: "I'm not sure it's changed how the IT organization view risk changed, but hopefully it has changed how our overall organization views risk." Personally, I hope the crisis has matured how the broader organization considers business risk. Clearly, all businesses are digital businesses now and IT is the lever to drive digital business forward — or not.