Enterprise hits and misses - today's CIO needs a re-think, and software supply chain fallout is here

Lead story - 12 requirements to be a CIO - as per the diginomica network careers report

Fresh data via the diginomica network points to twelve key attributes of today's CIO. Via a session with the London School of Economics, Mark Chillingworth breaks out the requirements. 

When you see items such as "operational excellence," "financial acumen," and "business leader," you know the CIO role is going through a major shift. In this era of AI pilots, operational excellence resonated. Chillingworth recaps: 

Operational excellence: CIOs will only be considered business leaders if they have a track record of reliability. The entire organization needs to know the applications, networks, and devices work. As Conor Whelan says: 'It is really easy to build a product or application. AI can build one for you in seconds, but try running it 24 hours a day, seven days a week. You have to know who is using it, where they are, so the operational side of running an application or product is really hard, and it gets harder as usage grows.'

Two (welcome) surprises on the list for me: social conscience and community. As I read social conscience, i don't see it as a political bent, but as an awareness: we cannot function effectively with insular mandates. Chillingworth: 

Navigating the rapid pace of technology change must also be shaped by a responsibility to the society you live and work within as a business leader.

As for community, you cannot substitute for a peer-based ability to swap field views, assess vendors, and discuss emerging tech. 

Based on my customer deep dives, I would add one thing to this excellent list: I believe CIOs need to pro-actively (attempt to) 'own' their organization's AI strategy. And yes, that means a deeper grasp of the realities of AI technology than other leaders in the organization. If you cannot pro-actively articulate the AI opportunities/risks, with precision into the pros and cons, you run the risk of being asked to implement ill-conceived AI projects, fueled by distorted executive fever dreams notions of what is currently possible. Just in the last couple weeks, I've talked to tech leaders who had to educate executives as to the limitations of shiny new toys like Claude Code/Cowork. 

But this can only be done if there are sanctioned ways to move forward with AI tool use, amidst transparent discussions. The CIO's purview also includes taking on so-called 'Shadow AI,' by providing private/governed ways for employees/teams to test the latest technology, and sandbox new ideas. If you want to delve further, there is vivid research from the diginomica network on AI adoption. 

diginomica picks - my top stories on diginomica this week

• Why CEOs can’t delegate AI responsibility – Wrike’s Thomas Scott on leading through AI - Ian bears down on AI agents, leadership and governance: "An AI ‘strategy’ can quickly descend into chaos and fragmentation. To prevent that drift, leaders need operating context — not just tool familiarity, but clarity about where probabilistic agents belong within the wider system of work. This need for context-aware leadership is something he says he continually stresses at Wrike."

• Target's still not hitting the bullseye. Will a combination of AI and human intelligence provide the omni-channel boost needed? - Stuart examines a retail leader that has yet to recover its surprising pandemic mojo: "As a retailer, agentic commerce is obviously high on the Target agenda, although Fiddelke strikes a pragmatic note here in contrast to the hype seen elsewhere."

  Zero Trust World 2026 – why failure is not an option! - Chris attended ThreatLocker's Orlando event last week, and filed some spicy missives on cybersecurity in the AI age: 

But should security professionals be blamed for everything that goes wrong? Not in the AI age, according to former White House CIO Theresa Payton. As seen yesterday, she used her own conference speech to urge security teams to ask senior managers who would take responsibility for an AI – an autonomous agent, perhaps – making a disastrous business decision. In her view, such a scenario would not be a security failure, but a business leadership one. That is clearly correct, but as she pointed out, the security team will get the blame nearly 100 percent of the time."

Also see: Chris' Zero Trust World 2026 – don’t trust AI to secure your business or replace your juniors, warns ThreatLocker CEO.

Vendor analysis, diginomica style. Here's my top choices from our vendor coverage:

• Box FY26 earnings - more agents mean more files, and that's good for Box - Phil on Box's solid earnings, and proof points against the so-called SaaSpocalypse: "No 'SaaS-pocalypse' in sight for Box, then? On the contrary, Aaron Levie, Box's ebullient CEO, welcomes the prospect of surging numbers of AI agents across the enterprise, reasoning that this will only create more demand for the file storage, sharing and management capabilities that are Box's domain."
• Your AI agents can talk to each other - but are they saying anything useful? Confluent Intelligence aims for insight - I'm not bullish on agent-to-agent communication across vendors in 2026, but if any vendor can advance this, Confluence would be on my short list. Derek's on the case: "Confluent's argument is that you need both - continuous fresh context flowing in via MCP, and the ability to orchestrate what agents do with that context via A2A."
• UiPath acquires WorkFusion - and takes aim at financial crime compliance. The detail matters - Alyx digs into the 'why' behind UiPath's latest acquisition. The answer lies in 'purpose-built' agents for industry.
• SAP's role in the new world order as the tech stack re-shapes for the first time in years. Muhammad Alam explains - Stuart has the latest from SAP on why incumbent vendors aren't out of the AI software market. He quotes Alam: "I know there's been some discussions that say, ‘Hey, is Concur more prone to disruption?’.  But if you look at Concur and you decompose that business, it's Expense Management. Expense Management may sound simple to the layperson, but there is a phenomenal amount of statutory requirements around the world that we spend a significant amount of our R&D investment on, keeping up to date on a very regular basis."

A few more vendor picks, without the quotables:

• Enterprises pour billions into data lakehouses. So why can't the business use the damn things? - Alyx
• Carpentry, CapEx, and continuing disruption - Salesforce CDO Joe Inzerillo on the real impact of AI on SaaS providers - Stuart
• ZohoDay 2026 - How Newcross Healthcare builds AI apps on a governed platform - while keeping AI hype at bay - Jon
• ServiceNow's Paul Fipps on enterprise AI - ‘The LLM reasons, but it’s the platform that executes’ - Derek
• How Booking.com uses AI and data to create connected trips for its customers - Snowflake use case by Mark Samuels

Jon's grab bag - International Women's Day warrants substantial editorial, not LinkedIn platitudes, which Madeline and Cath provided across several features, including International Women’s Day 2026 - why is there still a big AI gender skills gap – and what can employers do about it? George explored the notable virtues of smaller data centers in Smaller, more sustainable data centers might be more practical. Here's why (let's not underplay small data/edge AI technologies also). George also wrote one of the most interesting enterprise AI pieces of the year in Why it might be helpful to think of AI as a trance, for better and worse. 

Chris has another vivid installment in his ongoing AI and copyright coverage: AI and copyright – in a welcome move, UK legislators reject tech vendor claims, warn of existential danger to Britain’s creative sectors. Meanwhile, Stuart tracked the latest in the Anthropic/OpenAI Pentagon fracas with Back to the negotiating table? Might there be peace in our time between Anthropic and Trump 2.0 or has the war of words gone too far? (Updated 6th March). He addressed the OpenAI pretzel twisting angle in An "inconsequential" sum of money, but the PR cost is much, much higher - OpenAI's Sam Altman continues his 'mea culpa' tour...up to a point. It's awfully convenient to do the right thing when you make billions for your trouble... But the enterprise ramifications will take more sorting. 

We've also got some enterprise ear candy for you this week - now there's a phrase you don't hear often! Phil adds to our Executive Intelligence series with Executive Intelligence podcast - Certinia founder Deb Ashton on the changing services business, learning from customers, and seizing opportunities as they come. Mark Chillingworth updates our diginomica network podcast series with the diginomica network podcast - Holland & Barrett CFO discusses tech investments and latest earnings. 

Best of the enterprise web

My top seven

• Only 15% of CISOs Can Map Their AI Supply Chain. A Federal Vendor Cutoff Just Showed Why That Matters - the Anthropic/OpenAI federal skirmish captured gobs of headlines, but what does this mean for enterprises? Louis Columbus takes us closer with this one: "You can’t execute a transition plan for infrastructure you haven’t inventoried. Your contract with Anthropic may not exist, but your vendors' contracts might. A CRM platform could have Claude embedded in its analytics engine. A customer service tool might call it on every ticket you process. You didn't sign for that exposure, but you inherited it, and when a vendor cutoff hits upstream, it cascades downstream fast. The enterprise at the end of that chain doesn't know the dependency exists until something breaks or the compliance letter shows up." For a deeper political ponder, check Anthropic and the Pentagon, by Bruce Schneier.
• How AI Assistants are Moving the Security Goalposts – Krebs gets real about AI assistants: "the volume of machine-generated code is likely to soon overwhelm any manual security reviews." AI auditing AI, what could go wrong?
• Box CEO Levie: AI agents need context, unstructured data - Larry Dignan's piece on Box brought up this contention: "Tone around SaaS is improving... The last two weeks have revealed that Wall Street analysts are adopting a more nuanced argument." I hope Dignan is right - I'm not looking for ultra-nuance; I'm just asking for AI sobriety...
• Stateful AI Agents: 5 Failure Modes to Avoid - I went looking for a thoughtful post on stateful versus stateless AI, a crucial disctinction when it comes to context. This post from Tacnode lays it all out.
• What is sovereign AI? - This McKinsey interview on sovereign AI clarifies an emerging issue, especially for global players: "The difference between data sovereignty and sovereign AI is you can actually have data sovereignty, but you may not have sovereign AI. Sovereign AI is actually the intelligence layer that you build on top of your data."
• Multi-media fun - if you didn't check our latest month in review, it was a spicy one: Here's the optimized audio version: Enterprise month in review - agentic AI gut check time - with Andreas Welsch. If you want to geek out on AI with me, here's my favorite YouTube talk on agentic memory. 

Whiffs

That went well...

Is now a good time to rethink "smart" devices on the homefront? 

Privacy seems like an oxymoron until itself, right? 

See you next time... If you find an #ensw piece that qualifies for hits and misses - in a good or bad way - let me know in the comments as Clive (almost) always does. Most Enterprise hits and misses articles are selected from my curated @jonerpnewsfeed.