How Public Sector CIOs Mitigate Risk to Drive Change

For public sector organizations, being “down” isn’t an option. Public reliance means that local and state governments must, above all else, be available. That need for consistency and stability not only makes public sector institutions risk averse, it makes much needed technological overhauls difficult. In turn, outdated software generates further risk, leaving CIOs between a rock and a hard place.

But, rather than solely being a negative, risk can actually be used to drive significant change. As one CISO/CIO from a state/local agency said, “If your IT systems go down, no one can do anything. Once we’ve been able to elevate the awareness of the risk [posed by outdated tech], we’ve gained better support for funding new technology.”

That concept—namely, how risk awareness can be leveraged to gain support for technological transformation—was the main topic of conversation at the Gartner IT Symposium in Orlando, during which Workday’s Global CTO Joe Wilson, and Rowan Miranda, managing director for state and local government and higher education, were joined by 16 public sector IT leaders. More than half of the CIO participants said that their top focus moving into 2025 was managing risk.


With risk management established as a major priority, it’s critical that public sector bodies take action on two fronts. First, leaders must assess the risks their organization is facing and determine which stands to cause the greatest impact. Second, leaders must increase awareness of those impending issues, and educate other stakeholders on the most viable solutions. Here are three areas of risk that CIOs are already prioritizing for 2025.

1. Aging IT Systems and Workforce

For too long, the policy at public sector organizations has been “it works good enough.” As a CIO from Canada in the public sector observed, “If people are getting paid and we’re able to run business, it’s easy for everyone to agree that where we are is ‘good enough for now’ because there are bigger issues to address. But as IT systems continue to be used well past their point of obsoletion, the challenges begin to compound.

The complex, aging systems commonplace in the public sector—some of which even the vendors themselves no longer support—are well understood by existing employees. However, as that aging workforce edges toward retirement, the younger generations coming to replace them often don’t know how to use such archaic technology—or simply don’t want to.

“When I look at those who know our current platform, it’s the aging workforce. They would have to be the ones to dive into the code—but many of them are retiring, and the skills they have are for old technologies that younger people don’t have or want,” said one tech leader in a California municipality. “IT knows that we can’t continue to support this going forward. If we don't do something now, we’ll be in real trouble not too far down the road.”

An experienced Gartner analyst observed that the risk related to talent in the space is real. “When your technology doesn’t keep up, it makes it really difficult to hire,” he said. “When you don’t modernize and you stay behind, it’s challenging to bring on new talent. They don’t want to work on the old stuff.”

In a sector that often moves slowly, it’s critical that leaders start looking ahead now. One tech leader shared their approach to sunsetting a 30-year-old system. “We’ve been anticipating the coming problem for quite some time and we’ve been making sure everyone is aware that the technology will no longer be supported. We’ve been setting aside funds and working on new funding over the past several years.”

2. The Uphill Battle Toward Modernization

One area where risk is starting to mount rapidly in the public sector is cybersecurity. With new threats emerging every day, legacy IT systems can’t keep up—but government departments often face an uphill battle in getting stakeholder buy-in for much-needed modernization. The solution? Underlining the security risks outdated tech can give rise to.

“If it’s related to cybersecurity, it goes to the top of the list and it’s priority No. 1 for everyone,” said one CIO, “It’s an easier way to talk about modernization. You get much more attention and interest if you talk about it from that security angle versus the productivity gains and the benefits.” Simply put, the risk value of remaining stationary far outweighs the potential costs of a major software upheaval.

As one tech leader explained, “We’re all in a space that is naturally risk averse. But to achieve modernization, we have to push through the risk. We have to move forward.” Without such advancements, public sector bodies are in danger of falling behind and opening themselves up to extensive cyber attacks. Conversely, the benefits of pushing past such risks are plentiful.

“When you’re able to modernize and move forward, it helps you address some of the gaps you might have in your existing system,” they continued. “It lets you figure out all the places you can remove risk, while also representing an opportunity to look at everything end-to-end.” An extensive overhaul may be daunting, but the time is now to lay the digital foundations for the public sector’s future.

3. Separating Fact from Fiction with AI

It’s impossible to discuss modernity without also discussing AI. As is typical for the sector, many CIOs mentioned that they were approaching AI in a slow, deliberate fashion, gradually incorporating it into their existing application stack. Regardless, the potential use cases and preliminary results all seem incredibly promising—especially as a low-risk way to modernize IT departments.

One college system in New York saw graduation rates increase by 4% thanks to the implementation of AI. “Using AI we were able to identify the students at risk of not finishing, understand why they weren’t graduating, and then give them the financial means to do so with new grants that got created and funded,” said their CIO.

Elsewhere, other organizations have been focused on practical use cases to help mitigate human error, including:

• Finding leaks in utility pipes
• Traffic optimization
• Conducting training
• Generating reports

None of this is a surprise to the Gartner analyst, who noted that this isn’t a “new” development in the public sector. “We have to remember that AI isn’t a ‘new’ thing in this space. Just look at public safety, they’ve been using it for a dozen years already. What’s ‘new’ is that it’s becoming easier to use.” With AI having proven itself to be fast, reliable, and impactful (when deployed correctly), 2025 is likely to see an even larger number of organizations adopting the technology.

READ MORE HERE