“How is your business impacted by generative AI? How has, say, ChatGPT hit your business model?” Carmichael asks, noting that some companies have already lost significant market value as they faced sudden competition from gen AI.
“This is an issue for CIOs. Some are expecting cost savings using this technology, but there’s also the expectation that they’ll find ways to incorporate this technology [into their company’s products] to strengthen their offerings,” Carmichael adds. “This is where CIOs have to gain knowledge about the technology and provide guidance and advisory.”
5. Building an engine in flight
As if those aren’t big enough challenges to tackle, executives must move fast and tackle them while everything is in flight.
Douglas Merrill, a partner at management consulting firm McKinsey & Co., says CIOs should apply agile processes to their gen AI strategy. “You have to be learning as things move forward but do [iterations] that are safe and controlled and focus on risk management,” he explains.
6. No good guidance yet
As CIOs seek to bring control and risk management to technology that’s generating widespread interest and plenty of experimentation, they’re doing so without pre-existing guidance and support.
“One of the particular issues that we all face is that generative AI is really new and it’s moving really quickly, so there’s not a lot of tooling in place,” Merrill says. “The risk guidelines for gen AI are fragile and new, and there’s no commonly accepted ‘Here’s how to think about risk guardrails.’ There will be eventually, but they don’t exist yet.”
7. Innovating at speed
Another area for CIOs to tackle: how to use generative AI to differentiate their organizations.
CIOs should focus on “where they can use generative AI effectively. It’s not a hammer. They’re looking for the art of the possible. And there are so many possibilities that you have to directly align them to the business strategy,” says Frances Karamouzis, a distinguished vice president analyst with research firm Gartner.
She acknowledges that tech-led innovation is not new to CIOs, but gen AI does indeed present new challenges due to the speed of its evolution, as well as its power and complexity.
“CIOs are going to have to ideate, educate, and execute in a very different way in terms of velocity and viscosity of what the solutions are,” Karamouzis adds.
8. Identifying, prioritizing use cases
Research firm IDC found in its May 2023 Generative AI Findings from Enterprise Intelligence Services Survey that nearly 70% of enterprise intelligence services buyers are considering or actively working on use cases for generative AI.
Companies need a way to collect, vet, and prioritize ideas on how to use the technology for the benefit of the enterprise.
“CIOs should first and foremost establish a clear roadmap for implementing generative AI. Whether the objectives are for productivity gains or other commercial gains, they need to be aligned with [the whole C-suite] on the roadmap before any selection of technologies to enable the roadmap is performed,” says Goh Ser Yoong, head of compliance at Advance.AI and a member of the ISACA Emerging Trends Working Group.
Karamouzis says CIOs must leverage their prior experience in prioritizing tech-driven initiatives and apply the same discipline to gen AI ideas to ensure their organizations invest wisely.
In its survey, IDC found that the highest priority use cases fall under the categories of knowledge management, code generation, and product or service design and engineering. Buyers agreed most strongly with the sentiment that generative AI will enable their employees to focus on higher-value tasks. And buyers most often disagreed that generative AI will expose them to greater risks.
Foundry’s gen AI survey found that retail CIOs are leading the way on identifying use cases (49%), followed by IT leaders in the manufacturing (42%), technology (42%), and financial services (32%) sectors.
9. Buy vs. modify vs. build
Companies can bring generative AI into their organizations in three different ways, and CIOs will be leading their companies on deciding which way works best for them.
McKinsey has developed a propriety framework that describes the different use types as “taker,” “shaper” and “maker.”
A taker uses what someone else built, leveraging the capabilities straight out-of-the-box. The shaper will essentially customize such capabilities to work for its own needs or with its own proprietary data. The maker — the least common of the three types, McKinsey’s Merrill says — has the greatest need for structure and control and so will build its own models to meet its highly specialized requirements.
10. Enterprise readiness
Regardless of whether a company is a taker, shaper, or maker, it will need a modern enough technology stack and data program to make effective use of generative AI.
“The data, the structures in the cloud, compute network and storage, that’s certainly the purview of the CIO,” Karamouzis says, adding that CIOs similarly have a responsibility to identify and address any bottlenecks or barriers within the tech or data stack that could keep their organizations from realizing the gen AI objectives they set.
She adds: “CIOs are the ones who will be building the tech to enable this.”
11. Data privacy and security
In mid-spring 2023 South Korean electronics company Samsung banned employee use of generative AI tools after finding that some of its internal source code had been uploaded to ChatGPT.
Other companies are worried that their workers are doing the same, Kashifuddin says.
“As the workforce is interacting with these tools, companies have to make sure they’re not putting in proprietary data that’s sent back up to the foundational models,” he adds.
Executives are looking to their CIOs, as well as their data leaders and privacy execs, to take action, develop governance policies, implement controls, and deploy monitoring tools to make sure employees are following acceptable use policies and not exposing proprietary data and intellectual property.
12. Data and privacy law adherence
Another issue that’s confronting CIOs — as well as data, compliance, risk, and security leaders — is this: how to monitor and ensure that workers don’t violate data privacy laws and data protection best practices if they’re using generative AI.
“When you put your data into an AI engine controlled by someone else, then you’ve lost control of that data,” warns Carl Froggett, CIO at Deep Instinct, maker of a cybersecurity platform.
13. The need for an audit trail
CIOs also are being asked to devise ways to discern and audit the results produced by generative AI to ensure the results are accurate, unbiased, and free from infringement on protected intellectual property, according to experts.
As Carmichael explains: “Responsible and explainable AI are other challenges that CIOs are going to have to deal with.”
14. New regulations
Governments around the world are debating whether and how to regulate the use of AI. And while corporate legal departments and outside counsel will help executives discern what new laws mean to them, CIOs will have a role to play in making the AI technology within the enterprise adhere to any new laws.
“CIOs must stay abreast of evolving regulations and legal frameworks related to AI usage such as the recent European Union’s AI Act,” Goh said. “Compliance with data protection laws, intellectual property regulations, industry-specific guidelines, and ethical standards is crucial. CIOs should work closely with legal teams to understand and address any legal implications associated with generative AI.”
15. Accuracy concerns
Similarly, Kashifuddin and others call out the need for CIOs to help their organizations and the workers themselves adopt quality assurance procedures that verify any AI-produced insights they receive. That includes implementing QA within IT for any such code that developers want to use, Kashifuddin adds.
The consequences of falling short on this step can be significant, as some well-publicized examples are showing. One notable example is the case of a New York lawyer who is facing his own court hearing after he filed a legal document drafted using ChatGPT, which included citations of legal cases made up by the technology.
16. Upskilling requirements
AI is quickly reshaping the demand for IT skills and talent, and workers across the organization will need to learn how to work with generative AI tools.
Meanwhile, IT workers must retrain to work with generative AI tools to do their jobs and pick up the skills required to support the technology as it’s used throughout the organization.
As Goh says: “CIOs must assess the skill gaps within their IT departments and provide adequate training and resources to understand and work with generative AI effectively.”
17. AI-enhanced cybersecurity threats
Another area of concern for CIOs: how hackers are using generative AI.
“You’re talking about a new level of sophistication in [hackers] crafting of emails and messages and bypassing biometrics because the generative AI takes on the persona, the mannerisms, and the phrases that a real person would use,” Froggett says, adding that generative AI can generate fake videos and audio that seems authentic.
Such sophisticated attacks can render existing security controls, such as voice authentication, obsolete – forcing CIOs and CISOs to quickly find alternatives.
“The controls we had in place may not work because of what generative AI is already doing,” Froggett adds.
18. Nervous workers
In a March 2023 report, Goldman Sachs calculated that some two-thirds of current jobs “are exposed to some degree of AI automation, and that generative AI could substitute up to one-fourth of current work.” In other words, the firm said, the equivalent of 300 million full-time jobs could be lost to automation.
“There’s a lot of uncertainty. People are thinking, ‘How is this going to affect my career? Do I need to reskill?’” Carmichael says.
As part of the executive team, CIOs should be working to engage their employees and address their concerns, she says, adding that she believes gen AI will produce jobs — and perhaps more than what will be lost. That’s a message CIOs could share, too, as they tackle the thorny gen AI change management challenge.
19. Leading change through this new technology
CIOs will be among the executives responsible for leading their organizations through all the disruption that gen AI is expected to bring.
CIOs are a natural fit for this work, Carmichael and others say; they’ve been building their skills in this space for the past decade as they led their organizations through digital transformations.
However, some say leading through the upcoming change will be different than prior change management scenarios, as the pace of adoption and the disruption gen AI brings could dwarf previous technology revolutions.
“The pace has surprised everyone, and now we have to keep up,” Carmichael says. “So the question is how well you manage all that and move forward with confidence.”
20. Pulling together the teams
The CIO, of course, cannot tackle all these issues alone — nor should the CIO try. But as the primary technologist in many organizations, the CIO will likely be a key advisor to the executive team about the risks and opportunities that gen AI presents.
“The CIO is enabling or equipping, is acting as the facilitator, advisor and delivery person,” Karamouzis says. “So now the role of the CIO is one of the integral roles in the C-suite in helping others understand the whole list of things that needs to be done.”