Dutch IT Leaders - Gartner special 2025 BELUX

REMI GULZAR

‘No matter how uncertain the future is, one of Gartner’s key messages is: you are part of that future yourself.’

ROB O’DONOHUE

‘It reduces uncertainty, if you involve people in shaping the future.’

CIOs as Agents of Change

Digital transformation is at a decisive stage. For years, technology was primarily viewed as a tool to make processes more efficient. Today, however, CIOs and other digital leaders are increasingly recognized as strategic agents of change. They are not only steering technological innovation, such as the rise of AI, but also driving fundamental changes across organizations, markets, and society as a whole.

The Gartner IT Symposium/Xpo 2025 in Barcelona, with its fitting theme Agents of Change, is at the center of this development. It is the place where visions are shared, strategies are tested, and practical steps are discussed to help CIOs futureproof their organizations. The issues at stake are wide-ranging: from the adoption of artificial intelligence and the impact of the European AI Act to the role of sovereign cloud solutions, data strategy, security, and the development of new digital ecosystems.

For this special edition of Dutch IT Leaders, numerous conversations were held over the past months with Gartner experts and leaders from the technology sector. These stories highlight how broad and complex the CIO’s agenda has become. It is no longer just about technology choices but also about leadership, collaboration, and balancing innovation with governance.

A recurring theme in all these conversations is the central role of trust—trust in data, in technology, but above all in people. CIOs who engage their employees in digital transformation are more successful in seizing new opportunities. Equally important is collaboration between government and industry, as well as international partnerships, to translate the promise of technology into sustainable growth and societal value.

For a CIO who aspires to be a true agent of change, it is therefore crucial to connect technology with people and strategy. This requires not only investments in systems but, above all, the development of a culture centered on collaboration, learning, and trust.

Marco van der Hoeven Manager CxO Content

Digital sovereignty, AI and strategic cloud choices

Geopolitical developments, the growing complexity of cloud environments, and the rise of generative AI are forcing organizations to reconsider their strategic direction. CIOs are faced with questions that go beyond technology: how do we ensure compliance, maintain control over data, and use emerging technologies responsibly? Eric Loos, Executive Partner at Gartner, shares his insights in an interview with Dutch IT Leaders.

With a 25-year career in the telecom sector — ranging from engineering and operations to data center and cloud responsibilities and heading digital transformation — Loos brings a distinctly hands-on approach to the Gartner Executive Programs team. “Many clients appreciate sparring with someone who’s also been in the trenches.”

His daily work involves conversations with CIOs facing fundamental choices. “If I had to name the top three challenges, they would be operating models, strategy, and — this year — digital sovereignty.”

Strategy

Loos emphasizes that many CIOs are looking for support in shaping their strategy and rethinking their operating model. “These are things organizations don’t do often. What you want is for them to learn how to continually adapt their strategy themselves.” He sees clear added value in Gartner’s Executive Program, which focuses on interaction and independent thinking. “Rather than delivering a slide deck that ends up gathering dust in someone’s inbox, we work with the client to build lasting strategic capability.”

Although discussions around digital sovereignty have been ongoing for some time, Loos notes a marked in -

crease in urgency. “It is a wake-up call for many companies. Where it used to be unthinkable that software from outside Europe could pose a risk, boards are now suddenly asking questions.” He refers to parliamentary debates as well as concrete incidents, such as the recent faulty update a company that caused widespread system outages globally. “That was a turning point. It triggered awareness that third-party risks are deeply embedded in the value chain.”

Organizations are now starting to map their dependencies and explore

strong lock-in. Exit strategies used to be a theoretical exercise — now they are being taken seriously.”

Still, cloud remains the engine of innovation. “Gartner continues to advise treating cloud and AI as strategic pillars. But the question of how, where, and under what conditions needs to be re-evaluated, especially considering compliance and European regulations.”

Control

A notable trend is the increasing fragmentation of software use within organizations. Loos explains: “In the

‘What if a provider ends up on an exclusion list? Can you still continue using a cloud service?’

scenarios. “What if a supplier ends up on a sanctions list? Can you still use that cloud service? We are seeing businesses prepare for questions that until recently seemed unthinkable.”

Exit strategy

One of Loos’s recommendations to CIOs is to revisit their cloud strategy, especially regarding exit options. “You get the most out of cloud by fully integrating with the capabilities of hyperscalers. But that also creates a

past, SaaS solutions were typically large suites under the supervision of the CISO and CIO. Now we are seeing the rise of smaller tools popping up across departments, often outside IT’s visibility.”

This leads to risks around data extraction via marketing or AI tools, where there is little oversight of contracts, data destruction, or access management. “It’s easy to start using a tool via a company credit card. But have all GDPR checks been done? What

happens to the data once the contract ends?”

CIOs must strike a difficult balance: on the one hand, enabling the business, and on the other, ensuring compliance. “In some organizations, compliance is now seen as an obstacle to progress. So the CIO must navigate between governance and enablement.”

GenAI

Generative AI is also reshaping how CIOs assess technology. “AI has been

around for a while, but GenAI made it tangible for the business. Suddenly, everyone understands what it can do.” Still, its use remains limited, Loos observes. “Most organizations are still experimenting internally — using chatbots to summarize documents or code assistants. But I do see clear ambitions in strategic plans for 2026 to go further.”

He notes that budget cycles are a major factor. “Right now, we are talking to clients about their 2026 plans. That

means this spring is the key time to set priorities. Innovation often runs up against those cycles.”

CIO

Developments in AI, cloud, and geopolitics are forcing CIOs to redefine their role. “CIOs must reconsider how they position themselves within the organization. They’re no longer just the technological backbone. They’re expected to provide answers on risk, strategy, and compliance.”

A growing trend is the ‘franchising of IT,’ where business departments deploy their own IT solutions to move faster. “That makes the CIO’s role more complex. They have to ensure that these initiatives are managed in a secure, compliant, and controlled way.”

Symposium

According to Loos, the upcoming Gartner Symposium will play a key role in this transition. “I was a Gartner client before I joined Gartner. For me, the symposium was always the moment to explore new ideas. It’s a place where you get high-quality insights from analysts who really know what they are talking about. It’s a concentrated dose of inspiration — and realism.”

In a world where technology, politics, and business strategy are increasingly intertwined, Loos argues for sharper awareness and greater resilience. “Organizations should not just focus on innovation — they also need to think about how to stay resilient. That calls for strong CIOs, with attention to detail and strategic oversight.” 

AGENTS OF CHANGE: BETTINA TRATZ-RYAN ON

CIO leadership, data maturity and the Gartner

IT Symposium 2025

Bettina Tratz-Ryan is chair of this year’s Gartner IT Symposium in Barcelona. As Vice President Analyst at Gartner, she brings nearly three decades of experience in digital transformation and strategic technology policy. Her focus is no longer solely on technology: it is about the impact of digital change on organizations, economies, and society as a whole. How can an organization remain resilient in a world where disruption is more the rule than the exception?

Her long track record at Gartner allows Bettina Tratz-Ryan to put today’s shifts into perspective. Currently, she sees that data, once a supporting factor, has become the centerpiece of digital decision-making. “Data is in everything: from vehicles to devices to processes. And because AI and GenAI are able to leverage it intelligently, the strategic value of data continues to grow.”

Resilience

In her current research, Tratz-Ryan focuses on how data can contribute to a resilient digital economy. “Data doesn’t just help optimize,” she says. “It supports sustainability goals, accelerates innovation, and enables citizens and entrepreneurs to create value in new ways.”

That development also raises questions about accessibility. “How do we ensure that not only large corporations but also small businesses and citizens have access to reliable and usable data?” Applications like ChatGPT can help with that, but only if data trust is well established.

The CIO as strategic leader

This shift makes the CIO’s role more complex and more important than ever. “In many European countries, the

CIO used to be a luxury. But now the role carries much broader responsibility: not only for IT, but also for the impact of technology on the entire ecosystem, from supply chains to sustainability and ethics.”

According to Gartner research, only a small share of CIOs are truly fulfilling that strategic role. “It’s no longer just about implementing systems,” says Tratz-Ryan. “The CIO must evolve into a driver of responsible digital change.”

Industry 4.0 and agentic AI

Another topic she addresses is the rise of robotics within Industry 4.0. “In

that can autonomously respond to variations in temperature, material, or production planning, that’s where agentic AI will play a role.”

But she cautions: without data maturity and strategic leadership from CIOs, such innovations risk remaining stuck in isolated pilots. “Smart operations require vision and preparation, not just technology.”

A platform for strategic leadership

As chair of the Symposium, Tratz-Ryan plays a key role in shaping the program. “It’s not just about showcasing the latest technologies,” she explains.

‘Our data shows that 70 to 80 percent of companies are continuously confronted with disruption.’

Germany and other parts of Europe, robots are increasingly used to automate processes and support human work,” she says. “But deploying robots alone is not enough. The real value only emerges when they are connected with technologies like computer vision and AI.”

Tratz-Ryan sees particular potential in systems that can adapt to changing conditions. “Cyber-physical systems

“We want to give participants concrete tools to deal with change and to look ahead.”

That requires tailoring, because the audience is international and diverse. “We have more than seventy nationalities at the event. Some are already advanced with AI, others are in the middle of their cloud migration. The content must be relevant to all of them.”

Agents of Change

The overarching theme this year is ‘Agents of Change – Leading Through Intelligence’. According to Tratz-Ryan, that is a deliberate choice in a time when disruptions follow one another at great speed. “Our data shows that 70 to 80 percent of companies are continuously confronted with disruption. Think of geopolitical tensions, trade conflicts, faltering supply chains, or business value chains. CIOs increasingly need to react in real-time and make rapid decisions.”

Nearly 60 percent of CIOs in industry say their organizations can hardly keep up with the pace of change. “With this theme, we want to help participants not just react to changes, but to actively steer them.”

Technology in balance

What sets Symposium 2025 apart from previous editions, according to Tratz-Ryan, is its broader perspective.

“Technology is still important, but we also look at the social and geopolitical context in which that technology is applied.”

This is particularly relevant for European CIOs, who face legislation such as the AI Act and debates around digital sovereignty. “Regulation is often seen as a restriction, but it can also provide protection. Look at Denmark, which is critical of its dependence on U.S. cloud providers.”

Knowledge sharing

Attendees can expect content on topics such as digital sovereignty, cost optimization, cybersecurity, and AI governance. Peer-to-peer knowledge sharing is central. “We are organizing more roundtables, workshops, and clinics than ever before. Sharing experiences is indispensable in this context.”

As chair, Tratz-Ryan spends the entire year preparing for the Symposium. “I

am constantly in contact with fellow analysts, but also with policymakers, industry organizations, and end users. That external input helps us set the right priorities.”

The goal is to align the event’s content with workplace realities. “We don’t want a theoretical showcase, but a conference that actually helps CIOs with their daily challenges.”

Value

For Tratz-Ryan, the event is a success if it creates real connections. “If CIOs share experiences, if customers find answers to their questions, if suppliers are judged on their ability to address participants’ needs—then I know we’ve created something valuable.”

The message she wants to leave with CIOs? “Change is no longer a project. It is the standard. The CIO who handles that constant change with data, vision, and agility is the one who will make the difference.” 

Digital resilience in the public sector

From digital transformation and AI adoption to strategic autonomy and procurement policy, the international public sector faces complex issues that demand clear choices. Edwin Maaskant, consultant with Gartner Consulting working with organizations such as the European Union and the United Nations, shares his perspective on the key challenges and opportunities facing public institutions in a rapidly changing world.

At Gartner, Maaskant focuses on supporting major societal goals in the international public sector, including economic growth and employment, rule of law, public safety, poverty reduction, and climate action. He sees firsthand how institutions like the EU and UN are searching for ways to use technology more effectively. “Our clients don’t just want to understand what’s happening, they want to know: how do we get things done? How do you turn insight into actual change?”

That’s not an easy task in a sector where geopolitics, regulation, and international cooperation play a central role. “The wars in Ukraine and the Middle East, Russia’s hybrid warfare against Europe, tensions with China and the U.S., and the growing emphasis on strategic autonomy are all putting pressure on the public sector to become more resilient and productive. Technology plays a key role in that, but turning it into implementation remains difficult.”

Resilience

At Gartner’s CIO Leadership Forum, two priorities stood out according to Maaskant: productivity and resilience. AI is widely seen as a tool to improve productivity. “AI can automate tasks, accelerate decision-making, and streamline processes. But it’s not just about technology — resilience, for instance against cyber threats, is also high on the agenda.”

Public institutions are becoming

increasingly aware of their vulnerabilities. “The question is no longer if, but when you will be hit. Continuity of services, data privacy, and security have become strategic issues.”

Finding balance

Digital sovereignty is a recurring theme in conversations with governments. “Many European institutions have become dependent on U.S. hyperscalers. But cutting ties completely isn’t realistic or desirable,” says Maaskant. “Not every public body or company wants

strategy phase. There’s a rush to act, without proper planning or establishing the right governance. Often, there’s also a lack of in-house expertise.”

A structural issue, he notes, is that public organizations only undergo such large transitions once every few years and do not always retain experienced teams. “But you can’t fully outsource a transformation to external consultants who don’t know your organization and still expect flawless execution.” That is why Gartner offers ‘value assurance’, neutral implementation support that

‘The public sector can learn from how the private sector rapidly adopts and implements new technologies.’

to or can develop its own software or build data centers.”

The challenge, he explains, lies in managing dependencies wisely. “You must assess risks, but also consider your ability to innovate and control costs. There are situations where accepting higher costs and fewer features makes sense if it brings more control. Gartner helps organizations make those tradeoffs objectively, without any commercial interest in the implementation.”

Common pitfalls

While strategies are often well thought out, Maaskant sees many implementations fail in practice. “One key reason is that too little time is spent on the

acts as a bridge between supplier and client, coaching the internal organization while holding the vendor accountable.

Procurement

Public procurement is often seen as a brake on innovation. Maaskant recognizes the issue: “Tender documents are sometimes too detailed and leave little room for innovation. That causes missed opportunities.” Alternative models such as competitive dialogue can create more flexibility. “In such cases, Gartner often supports the entire process, from drafting tender requirements to conducting demos and proofs of concept.”

The goal is to help the public sector better align with what is technologically possible. “Many organizations don’t know what’s available in the market. Thanks to our market knowledge, we help them avoid unnecessary assumptions and select solutions more effectively.”

The human factor

AI is gaining ground in the public sector as well, but is still often deployed in a fragmented way. “Everyone is experimenting, but usually in an ad

hoc manner and without a broader strategy. Usage varies widely between departments or individual employees.” The human factor is often overlooked. “Without training and guidance, AI won’t deliver the expected value.”

According to Maaskant, Gartner research shows that organizations that invest in user adoption and training consistently perform better. “Technology alone is not enough. The context in which it is applied ultimately determines success.”

Learning from each other

The public sector does not face the same commercial pressure as the private sector. “That makes rapid innovation more difficult. But the public sector can learn from the private sector’s ability to adopt and implement new technology quickly.” At the same time, businesses can learn from how governments approach resilience, cybersecurity, and structure, often driven by regulation.

“Especially when it comes to protecting critical infrastructure, public institutions have a key role, and serve as an example to the private sector. Think of sectors like energy, transportation, or telecom, which are increasingly targeted by cyberattacks.”

Scenario thinking

Gartner Consulting is currently working with several European institutions on scenario-based resilience models.

“We assess what defines a ‘minimum viable company’. What do you need to remain operational during a major cyberattack, like ransomware? How quickly can you restore systems, within a week, two weeks, or a month?”

This approach requires close collaboration between IT, business, and leadership. “It’s about being prepared for disruption — not in theory, but in concrete steps and timelines.”

At this year’s Gartner Symposium in Barcelona, Maaskant expects four main themes to dominate: cost optimization, cybersecurity, data strategy (including AI), and cloud in relation to sovereignty. “Cost optimization remains important, especially now that tariffs and geopolitical pressure are impacting budgets. But resilience and cloud governance will receive just as much attention.” 

Strategic sourcing, geopolitical pressure and AI

The dynamics in the IT services market are changing rapidly. Irada Veliyeva, Director Analyst at Gartner, closely follows these shifts. She focuses on outsourcing and sourcing of IT services, excluding software, with special attention to contracting, pricing developments, and geopolitical influences. At the Gartner IT Symposium in Barcelona, she will host a session on negotiating with large IT service providers. In this interview, she previews that session and outlines the developments CIOs in Europe need to pay close attention to this year.

One of the most pressing issues in the market right now is the effect of U.S. policy changes on global outsourcing. “U.S. tariffs are mainly aimed at goods, but they are causing price increases that are also affecting the services sector,” Veliyeva explains. “IT service providers are starting to adjust their prices. It’s not yet a big jump, but by the end of the year we expect clear increases.”

For CIOs, this means outsourcing is becoming more expensive. Combined with rising costs from AI investments, sourcing decisions are becoming more sensitive. “We advise CIOs, especially in Europe, to review existing contracts and, where possible, secure fixed price agreements for the next three to five years,” she says. “Not only because of inflation, but also due to economic and geopolitical uncertainty.”

The outsourcing landscape Europe is once again orienting itself toward nearshoring, for example in Ukraine, which Veliyeva says is becoming relevant again as U.S. companies withdraw. “Clients are looking for alternatives to India, especially after tensions between India and Pakistan. That puts pressure on the market.” Besides Ukraine, Europe is also looking at countries such as Georgia, Serbia, and Turkey as attractive nearshore

options. The traditional nearshore regions like Poland, the Czech Republic, and Hungary are facing labor shortages and rising costs. “Prices there have risen sharply in the past two years. It’s no longer cheap and also not easy to find suitable talent,” Veliyeva notes. These shifts are pushing companies to reconsider their sourcing strategies. Organizations increasingly look beyond traditional regions and try to build in more flexibility. At the same time, there is growing focus on the geopolitical stability of new offshore and nearshore locations. “Instability in certain regions has made companies more cautious. Diversifying supplier locations is therefore more important than ever.”

Expectations versus reality

The rapid rise of AI is also affecting outsourcing practices. Service providers are investing heavily in automation to offset the shortage of IT talent. Clients expect AI to lower costs, but those savings have not materialized yet. “Productivity is going up, but costs are not going down,” Veliyeva says. “Service providers are investing so much

in AI that they first need to recoup those costs. They are not yet passing the benefits on to their clients.” This leads to frustration among CIOs who expected savings.

She emphasizes that CIOs must remain realistic about the cost structure of AI-based services. “Expectations of quick ROI are understandable, but the market is still developing. Transparent communication with providers about investment plans and cost models is crucial.”

A critical factor

At her session in Barcelona, Veliyeva will dive into negotiations with major providers such as Accenture, Deloitte, Infosys, and Capgemini. She will share practical tips on timing, negotiation points, and structuring contracts, depending on the type of service, such as consultancy, support, or development. The biggest pitfall, according to Veliyeva? Lack of preparation time. “Many CIOs only start negotiating when the contract is about to expire. At that point, the provider knows you have no choice. You really need to start preparing a year to two years in advance.”

‘I know how busy you are as a CIO, how much is coming your way, and that you don’t always have time to think strategically.’

‘We’re seeing a shift away from globalization — countries are turning inward.’

For large contracts with so-called ‘mega vendors,’ it is therefore crucial to decide well in advance what you want, what alternatives you have, and when you approach the market. “Many CIOs are surprised when I say a realistic negotiation process takes one to two years. They think it can be wrapped up in a few months—but that’s simply not realistic.”

Another important point in her session will be how timing and providers’ financial cycles affect pricing negotiations. “Knowing when a provider closes its quarter or fiscal year can make the difference between a good deal and a missed opportunity.”

Practical tools

Before joining Gartner, Veliyeva worked on the business side: “I was a Gartner client myself. That helps me tremendously now. I know how busy a CIO is, how much comes their way, and that there isn’t always time to think strategically. It’s my job now to make that strategic translation.” Her experience with vendor contracts makes her an effective advisor. “I understand the drivers of both the client and providers like Accenture or PwC. And I always try to be concrete: what can you apply on Monday morning?”

At the Symposium in Barcelona, Veliyeva primarily wants to provide practical tools. “What makes Gartner unique

is that you don’t just get long-term visions, but also directly applicable recommendations. Many conferences remain theoretical. At Gartner, you get advice you can act on immediately.”

About her own session, she says: “We’ll discuss differences between service providers, their interests, and the best time to negotiate. We’ll also cover how to sharpen your own priorities and restructure a contract. Participants will walk away with practical tips.”

Compliance, AI regulation and diversity

Beyond costs, timing, and vendor dynamics, regulation is playing an increasingly important role. Veliyeva warns that U.S. AI solutions may not comply with the upcoming European AI Act. “CIOs must carefully check whether their AI providers meet European standards. The U.S. is diverging from international agreements, and that

creates risks.”

She also sees differences in diversity and inclusion (D&I). “The U.S. is partly stepping back from D&I initiatives. European CIOs must account for differing strategies per region. What is no longer encouraged in the U.S. may be mandatory in Europe.”

Finally, Veliyeva points to the bigger picture. “We see a shift away from globalization: countries are turning inward, trying to retain their own talent, build their own infrastructure. That has major impact on sourcing strategies. The world is no longer bipolar—it is fragmented.”

Precisely in such a context, preparation, agility, and strategic collaboration are essential. “The choices CIOs make now will determine how future-proof their organizations are. I look forward to having those conversations in Barcelona—with both familiar faces and new ones.” 

AI agents, composable architectures and the CIO

At the upcoming Gartner IT Symposium/Xpo in Barcelona, AI will be one of the central discussion topics. Senior Director Analyst Tigran Egiazarov of Gartner shares his vision with Dutch IT Leaders/Dutch IT Channel on AI agents, their role within intelligent applications, and what CIOs can expect from these technologies.

AI agents are currently among the most talked-about subjects in the tech sector. But what exactly are they? “We define an AI agent as an autonomous or semi-autonomous software entity that uses AI techniques to perceive, make decisions, and take actions on behalf of or together with the user, in both digital and physical environments,” Egiazarov explains. Whether it’s a chatbot opening bank accounts or a self-driving vehicle, AI agents come in many forms. This technology sits at the intersection of innovation and application, offering unprecedented opportunities for companies to transform their processes.

“I focus at Gartner on modern technologies and architecture. The area I’m currently most engaged with is AI agents. They can be used for software engineering, like AI coding assistants, but also for business automation. We distinguish clearly between those applications, because they are two completely different domains.”

The gap between promise and reality

Although many technology vendors are making big announcements around AI agents, actual adoption within organizations remains limited. “Vendors are fueling the hype around AI agents. But companies are still early in the process. Our latest survey shows that most are building AI-powered applications, like chatbots—not real AI

agents or orchestrated agent systems.”

This gap between promise and reality calls for nuance and careful guidance in embedding AI into business strategies.

Egiazarov advises CIOs to stay critical: “We tell our clients: don’t wait, but be deliberate. Avoid ‘agent washing,’ where simple processes are suddenly labeled as agents without any autonomous capabilities.” He stresses that it’s not about technology for technology’s

can discover and invoke to fulfill user requests. “Without well-structured, real-time accessible data, agents get lost in legacy tables and produce unreliable results. Data access must be regulated through APIs, which requires clear governance.” Data readiness is thus a critical prerequisite for successful AI adoption.

In addition, frameworks and agent platforms already exist, but communication protocols such as A2A (agent-to-

‘The two biggest questions CIOs ask are: what do we do with our current architecture, and how do we make our data AI-ready?’

sake, but about effectively solving business problems through smart automation.

Composable architectures

A recurring theme in Egiazarov’s analysis is the importance of solid underlying architecture. “Adoption of agents is growing. Companies are investing in platforms to build them. They want to set up a composable AI architecture so that everyone in the organization can use and expand agents.” This approach requires a holistic vision where data, processes, and technology converge. But this is often where things go wrong. “Companies are not ready yet.”

The underlying architecture often lacks well-defined APIs that agents

agent) and MCP (environment recognition) still need further standardization. Without these standards, scalable and reliable orchestration of AI agents is hard to achieve.

The role of the CIO

According to Egiazarov, CIOs must look beyond the technology itself. “The two biggest questions CIOs ask are: what do we do with our current architecture, and how do we make our data AI-ready? AI agents don’t replace core systems, but orchestrate them through well-defined APIs. We call this an AI-ready composable architecture.” CIOs play a leading role here as the bridge between technology and business strategy.

AI agents, Egiazarov says, are the building blocks of a new generation of software: intelligent applications.

“These are applications that leverage AI agents, run on composable architecture, and use AI-ready data. They can adapt to the user and autonomously organize business processes.” These applications bring flexibility and personalization to a new level and represent the next evolutionary step in enterprise software.

He stresses that the value of these applications must be clear: “Without demonstrated business value, a project won’t get further funding. That’s why we provide examples of use cases that already work.” Showing impact is essential to maintaining long-term organizational support.

Use cases

“There are plenty of examples: agents that check and correct financial transactions, open bank accounts, and automate KYC processes. In software

engineering, we see agents generating product requirements, integrating with GitHub and JIRA, and automatically delivering code.” These cases show that AI agents can be applied across domains, from customer interaction to software development.

“In AIOps, agents use log data to predict outages and even automatically repair applications. These are not future visions, but realities in the making.” Egiazarov points out that companies are already experimenting with these implementations and generating value from their early projects.

Acceleration through agents

“AI coding assistants such as GitHub Copilot, AWS Kirom, and Cursor offer a strong case. Many tools are available off the shelf. Some companies build their own solutions, for example in DevOps automation.” These tools significantly accelerate software development and allow teams to move faster from idea to execution.

“We advise against deploying applications directly into production without quality control. But vibe coding can be used to explore new ideas—it’s ideal for prototyping. You can quickly create a prototype, test with customers, and later rebuild it professionally if the idea succeeds. But don’t forget to test what you build. By working iteratively, companies can reduce risks and accelerate innovation.”

The C-level perspective

A key point for CIOs is how to explain AI agents and intelligent applications to the rest of the board. “Intelligent applications adapt to the end user, understand internal data and APIs, and orchestrate existing capabilities. This is the future.” Egiazarov emphasizes that this technology is not just technological but also strategic.

“Users expect adaptive interfaces. You can already achieve this with backend-driven frontends and AI-generated UIs.” This level of personalization will be a key differentiator for organizations that want to be customer-centric.

Insights

These kinds of insights are what make IT Symposium so valuable. “Developments are moving so fast that you can’t keep up on your own. We talk to thousands of clients, gather insights, distinguish what works from what doesn’t, and present it summarized. Gartner’s strength lies in our proprietary, high-quality sources of information that are unavailable elsewhere, our impartial perspective, and the absence of hallucinations. That’s value you can’t get from AI tools alone.”

According to Egiazarov, the Symposium is a unique opportunity to gain a wealth of knowledge and insights in a short period. “The Symposium gives CIOs a glimpse into the future and supports strategic planning for the years ahead. Without a strong vision, an organization will run into trouble.”

Digital sovereignty requires long-term strategy and short-term actions

Digital sovereignty has quickly become a highly relevant topic. While Gartner has long warned of the risks of excessive dependence on a single cloud provider, those risks are only now being widely felt. Dutch IT Leaders spoke with Gartner VP Analyst Gregor Petri, who has been covering developments around cloud for many years.

The topic of digital sovereignty is very current, but the risks are not new,” says Petri. “As early as 2022, we wrote about the question: what is the risk of losing your cloud provider? At the time, many people thought, ‘that won’t happen to us—we follow the rules.’ But especially the assessment of how likely such a scenario really is has changed dramatically due to the current geopolitical situation. Organizations (and their CIOs) now feel a much greater sense of urgency.”

One of the challenges, according to him, is that both general management and a broader group of stakeholders must be involved. “These include users, customers, regulators, and if you work in government, also the central government. Only in that way can you develop a broadly supported model for how to handle this issue.”

Taking stock

The first concrete step toward digital sovereignty is making a clear inventory. “Where do we stand right now? What have we already moved into the cloud, and are we now having doubts about that? Can we still change it? Can we move back? Or if not—or not in the short term—are there emergency measures we can take now?

For example, keeping a daily read-only copy of our data in-house or with

a local provider. These are tough questions.”

The second step is to review what is currently scheduled for implementation. “To what extent can we pause or even stop that? That may seem easier, but remember that organizations not yet far along in cloud adoption are often the more conservative ones. Their technology portfolios are frequently based on systems and technologies that may soon no longer be supported. “Hardware may not be replaceable anymore, or the application vendor may already have announced that future versions will only be available in the cloud. So even stopping further steps is far from trivial.”

The CIO’s role

Strikingly, these questions are now increasingly coming from top management, who pass them on to the CIO. “It’s not that CIOs haven’t thought about it before, but the questions also include: how high do we estimate the risk? What do we find acceptable to spend on this? That trade-off requires dialogue with the rest of the organization, especially with senior management. We use a model with three layers: data sovereignty, operational sovereignty, and technical sovereignty.”

“It starts with the question: to what extent can my provider secure my data,

for example against foreign influence? If management finds the guarantees or technical safeguards insufficient— think of legislation like the Cloud Act or FISA Act—the next step is: can my provider work with a local partner, or deliver services through a local entity to provide more isolation?”

Blockade scenarios

This could mean isolating the cloud environment from other world regions. “So it is not part of an environment connected to New York or London. It is a stand-alone unit. This becomes particularly important when running risk scenarios. For example: what is the chance that I face a blockade due to international or foreign sanctions? That has already happened in practice, including in the Netherlands, so it is by no means an exotic scenario. What we now see is that regular organizations and government agencies are assessing the likelihood of such scenarios much higher than before.”

He stresses that this cannot be solved overnight. “It is technically simply not possible. That is why you need a longterm strategy to determine how to reduce dependence. Can we bring in multiple providers? What we certainly don’t want is to replace one monopolistic or monolithic cloud provider with another that just happens to be local.”

‘Back in 2022, we already raised the question: what’s the risk of losing your cloud provider?’

Spreading risks

This means moving toward a model with multiple building blocks that can work together. “Interoperability will be crucial in cloud services, as will standardization. From there, you can build a situation in which you spread risk. Don’t look for one solution for all business functions—for example, one integrated solution for email, chat, conferencing, calling, etc. From a user convenience perspective, such an approach seems ideal. But from a risk-spreading perspective, it is actually counterproductive.”

That requires multiple solutions, not all functioning in exactly the same way, and running in different environments.

“This contributes to spreading risks. But it does demand a different mindset in many organizations, which often think primarily in terms of efficiency rather than risk management or diversification. What we expect to see is that providers will start delivering building blocks that customers can assemble into configurations that make sense for them, with more choice over time regarding the environment and location from which these services are delivered.”

“What we do not expect is that end-user organizations will develop all these building blocks themselves. Especially in combination with AI and modern technologies, that is no longer realistic for most organizations. That also explains the popularity of SaaS solutions. But it remains important to keep them modular, so that you retain influence over deployment and configuration. Multicloud, partnerships, and interoperability are the key words.” 

‘Agility is essential in uncertain times’

Amid turbulent geopolitical and societal developments, the future has become more unpredictable than ever. Public organizations, too, will need to anticipate that uncertainty by becoming more agile and flexible. Dutch IT Leaders spoke about this with Remi Gulzar, Dutch VP Analyst at Gartner.

We see a lot of change within the public sector, and those changes are closely tied to the question: how far into the future can you really see?” says Gulzar.

“At Gartner, we receive many questions about this. What does this mean for the way the Dutch public sector is organized? How can you deal with an unstable future with some degree of certainty?”

He reflects: “After COVID, there was momentum. A strong willingness had emerged to try new things, adopt new measures, and embrace new ways of working. But over the past three years, we’ve seen a relapse into a very plan-driven approach. And we know that the way government operates—through plans and policies—actually makes public organizations very rigid. That leaves them especially vulnerable when rapid changes hit.”

Room to move

He identifies four key points of attention. “First, it is essential to understand exactly where your organization stands in terms of service delivery. Where is there room to maneuver? Can you adapt your services to the current context? Or must you constantly implement new technologies just to avoid falling behind?”

For executives, that’s a difficult balancing act. “On the one hand, there is political pressure to do things cheaper and better. But at the same time, in an uncertain environment you need enough ‘muscle’ to absorb shocks. That puts leaders in a tough position: how do you ensure your organization stays agile?”

‘However uncertain the future may be, one thing Gartner always emphasizes is: you are also part of that future.’

Beyond the comfort zone

That starts with knowing your current position. “What can we afford, and what absolutely not? Where must we scale back operations ourselves? Second, it is crucial to stress-test your organization. For public organizations, this often feels like a far-off idea, but looking back at past crises shows that one of the outcomes is that organizations must be tested beyond the point where they feel comfortable.”

He points to the financial sector, where the ECB’s stress testing is used to assess solvency in extreme scenarios. “A public sector equivalent would also be useful: can you truly stress-test your organization? Can you apply a form of chaos engineering in a public setting, to see not only at the margins but especially internally what happens under pressure?”

Mobilizing for change

If the stress test is done properly, the third point follows: how do you mobilize your people and organization to absorb change? “Do you need to rethink roles, adopt new ways of working? Should you even plan differently?”

“When these aspects are well designed, you’re ready to take on a leadership role in redeploying your capabilities, aligned with a future you can understand. Because no matter how uncertain the future is, one of Gartner’s key messages is: you are part of that future yourself. It’s not a film unfolding before your eyes where you have no influence. You are a participant, a player in this story. And you need to be aware of that, so you can actively steer it. That’s the fourth point.”

Risk management

Risk management in government today is mostly about avoiding negative risks. “Rarely do we look at the positive side of risk management, such as the opportunities risks can create. This skips an important aspect that relates to resilience engineering: the ability to see growth opportunities in risks. People quickly assume: with a resilient organization, we’ll be fine.”

But in practice, resilience often means keeping everything the same. “You’re like a rock in the surf: you stay put while everything around you changes. The question is whether that’s true resilience. Or should we think more in terms of bamboo that bends with the tensions and shocks hitting an organization? Yet if you are agile without knowing where you stand or where you’re going, you may be agile—but moving in the wrong direction.”

Data-driven, with limits

A related trend in Dutch public policy is the ambition to become more data-driven. “But many organizations fail to realize that data is by definition based on the past. When you work with data, you are always looking in the rear-view mirror. You don’t see what hasn’t happened yet. Data tells you nothing about future developments that are still to come. Organizations that lean heavily on data-driven approaches must therefore also be aware that they do not have the full picture.”

All these considerations tie into one central message: public organizations in the Netherlands should not fight uncertainty. “They should instead allow uncertainty into their organization and make it a full-fledged management theme. Uncertainty is something you must continuously learn to deal with, day by day.” 

THE HUMAN DIMENSION:

AI and Leadership Converge at Gartner IT Symposium 2025

At Gartner IT Symposium/Xpo 2025 in Barcelona, Gabriela Vogel, Vice President Analyst Executive Leadership, and Rob O’Donohue, VP Analyst, Executive Leadership at Gartner, will take the stage as keynote speakers. In this exclusive interview, they discuss preparations for the global event, the role of artificial intelligence within organizations, and the shifting responsibilities of leadership in an era of technological transformation.

Delivering a keynote at the Gartner Symposium is no ordinary task. Gabriela Vogel describes the process as intensive and lengthy: “It’s months and months of preparation. We started in March and it doesn’t end until the day of the keynote itself. We think about the themes, gather case studies, talk to clients, colleagues, and other analysts. We write scripts and test them, and then adapt them by region.” Creating a keynote, she explains, is much more than an individual effort: it is a collective project that requires months of joint commitment.

O’Donohue adds that it is a massive collective process: “I’d say at least 200 people are involved. People often say, ‘It takes a village,’ and it really is a village that makes this possible.” Vogel agrees: “Being on stage doesn’t feel like it’s just Rob and Gabriela—it’s all those people you feel standing there with you. You only realize this once you experience it yourself. You feel the strength of that collective effort, the awareness that you’re not standing there alone but carried by a team of hundreds, and that makes it an impressive experience.”

Value at the core, AI as a central theme

The keynote’s central theme is Agents

of Change. A widening value gap is emerging within organizations. Most are built for a different era. The data reflects this: 60% of CIOs see little return, while 40% experience some value but want more. That gap can only be closed if we reconsider our workforce, our operations, and even our functional and organizational identity. AI is not everything, but it transforms everything.

AI is not just technology; it also touches culture, strategy, and leadership. Vogel emphasizes that organizations with high AI maturity position this technology strategically. “Seventy-two percent of these organizations have

embedding AI within the organization.” Verizon is cited as another example, having established a cross-functional AI council with representatives from different business functions. This council helps shape strategy and is also responsible for execution within its own domain. Such structures ensure that AI is not a fragmented initiative but a coherent, organization-wide priority.

Co-creation and engagement

Successful AI implementation requires more than technology and strategy; it also demands employee buy-in and

‘People fear becoming redundant. Involving them in shaping the future helps reduce that uncertainty.’

AI governance and policy anchored at the C-level, with ethics experts and AI councils contributing to strategy.” This strategic approach is illustrated by the example of a Deutsche Telekom client, which addresses AI through collaboration. “They set up an AI alliance with partners to jointly develop generic AI solutions and share costs. That shows strategic thinking about

engagement. Vogel points to examples like Vizient and Clifford Chase, which implement AI through co-creation with staff. “They redesign roles together with their people: which tasks are automated, which are transformed? This creates inspiration rather than intimidation. Employees co-create the process, which increases their sense of control and engagement.”

O’Donohue introduces the concept of “fobo”, fear of becoming obsolete. “People fear becoming redundant. If you involve them in shaping the future, that reduces uncertainty. Leaders who communicate openly and transparently can manage that fear better. A great example is the ‘rumor roundup,’ where leaders meet weekly with employees to discuss rumors around AI. This creates open dialogue and prevents fear from embedding itself in the organization.”

This approach demands a fundamentally different attitude from leaders.

Vogel and O’Donohue stress the importance of empathy, transparency, and putting people at the center of technological change. By taking employees seriously and involving them in shaping their future work, organizations can not only ease fears but also build support for innovative AI applications. The result is a culture of trust and collaboration.

The changing role of the CIO

The CIO now operates in a dynamic field where technology is no longer confined to IT but permeates all layers of the organization. Vogel observes that the CIO role is becoming increasingly complex. “Technology is spreading across the entire organization. It is essential that a CIO knows what falls under their responsibility, what the strategic goals are, and how technology contributes to them.”

O’Donohue emphasizes that this requires a new form of leadership: co- leadership. “Take Moderna, which publicly explained how IT and HR were merged under the CHRO. It may be an exception, but it shows that every executive must become a technology expert. CIOs now have the chance to expand their influence, provided they can collaborate, build strong relationships, and demonstrate empathetic leadership.” According to them, the future of leadership lies in collaboration, shared responsibility, and a broad understanding of both technological and human dynamics within organizations.

Democratization and collaboration

Technology, Vogel notes, is evolving much like finance did in recent decades. “Finance used to be the CFO’s domain, but today every MBA student learns financial basics. Technology is moving in the same direction. Gartner works with franchise models for co-governance and co-leadership: how do you collaborate, how do you make joint decisions?”

This democratization of technology is leading to more cross-departmental

collaboration and broader technological awareness among non-technical leaders. Gartner research shows that 44% of CEOs see the CIO as the most AI-savvy executive, compared to just 7% for the CHRO. According to O’Donohue, this underscores the CIO’s unique position, but also the need to build bridges and share technological knowledge across the entire C-suite.

Toward the autonomous enterprise

AI not only accelerates processes but fundamentally changes the nature of organizations. Vogel highlights the concept of the autonomous enterprise: companies that operate based on self-learning software agents, deliver smart products and services to machine customers, and function within a programmable economy. “We’re seeing a move toward total agility, where companies are built flexibly and modularly. Composable thinking, distributed decision-making, and adaptive leadership are essential here.”

Examples such as Amazon and Tesla illustrate this shift. Amazon uses algorithms, AI, and robotics in its supply chain, while Tesla continuously improves its vehicles through overthe-air software updates. Yet research shows that 66% of companies are not yet AI-ready, while 68% are developing strategies to integrate human and AI capacity. There is still much work to be done to achieve true agility and autonomy. Gartner identifies five key components of the autonomous enterprise: autonomous operations, resource management, smart products, machine customers, and a programmable economy. Each of these requires redefining processes, decision-making, and leadership.

When asked what success at the Symposium means to them, O’Donohue responds: “If at the end of the keynote we know we have represented the village well—that’s when I know it was successful.” Vogel adds: “And if people afterward say something unexpected, like ‘that story touched me because…’ Then you know it had real meaning.” 

FROM AI EXPERIMENT TO ENTERPRISE-WIDE GOVERNANCE:

How CIOs accelerate and keep transformation manageable

Both digital transformation and scaling up AI, from pilots to production, are high on the CIO’s agenda. This requires choices about architecture, data governance, security, and the organization of teams and processes. Dutch IT Channel spoke about this with Edwin Kanis, Director Marketing & Innovation, and Stefan Collet, Strategic Portfolio Manager at Axians.

Digital transformation is still hot, and CIOs are struggling with it. Understandably so, because the complexity is high!” says Collet.

“And alongside this transformation, the AI wave, or rather tsunami, has started, with potentially even greater impact on business processes and the knowledge and skills required. The questions we often hear are: where do you start, what is your ambition, what does your roadmap look like?”

Kanis adds: “CIOs must make choices across a wide spectrum: from cybersecurity and data centers to telecom and cloud. Those choices determine how agile you will be in the future, even though right now we have no predictive ability to look very far ahead.”

According to Collet, this complexity is at the core of the issue. CIOs must not only determine how to integrate technological capabilities into processes, but

‘What matters is how you bring people and processes along, and how you provide organization-wide direction’

also how to train and guide people. “Can you actually transform with the knowledge you currently have available?” he asks. With the rise of AI, another question emerges: how do you structure the technology in the first place? Kanis points out that in many sectors, technology is no longer merely supportive but has become an integral part of primary processes.

Choice complexity

These choices are significant and have long-lasting effects. A positive development is that CIOs increas -

ingly have a formal place at the boardroom table. “A few years ago, technology decisions were often made without real insight. That has changed. We now see CIOs playing a full-fledged role in strategic decision-making, even in sectors like government, healthcare, and education.”

Whether CIOs can truly become Agents of Change is not primarily about technology, the two stress. Kanis: “The technology is there. What matters is how you bring people and processes along, and how you provide organization-wide direction.” Collet emphasizes the importance of frameworks: “CIOs need methods to oversee and adjust transformations. Especially in AI, where we all still have limited experience. Can you inspire and guide your organization into an entirely new way of working, while also offering the certainty every employee needs? That’s what’s being asked of CIOs.”

Connecting intelligence

The way Axians helps organizations starts with clarifying ambition. “We begin with enterprise architecture,” explains Collet. “What is your context, what is your point on the horizon? From there we move toward concrete results across the chain, from data to security.”

Kanis adds: “We don’t paint abstract visions. We guide you from ambition to results with a complete portfolio covering IT infrastructure, data, AI, and governance. We support specific market segments with dedicated client teams. These teams know the sector and our clients very well, which makes it much easier to accelerate innovation together. And because we are part of VINCI, a listed company, we meet the strictest compliance standards ourselves. We bring that expertise to our clients as well.”

DIGITAL STRATEGY

When it comes to AI adoption, Collet sees the market in different phases. “About 60% are still in the testing phase, often in Azure. Around 30% already have workloads running. And 10 to 15% are building a complete, proprietary AI stack. We provide solutions for every phase: from experiment to full AI infrastructure.” Axians summarizes this approach as connecting intelligence: connecting technology and people to create smart solutions together—whether for invoice processing, service handling, or decision-making.

Agents in practice

AI agents are increasingly playing a role in this. “We have agents that monitor the energy consumption of WiFi access points and automatically recommend savings,” says Collet. “Other agents analyze lifecycle management and advise replacement when the risk of failure rises.”

AI is also being applied in service processes: generative models read documentation and draft answers to customer questions, which employees then check and finalize.

A concrete example can be found at Climate for Life, known for brands such as Itho Daalderop, Klimaatgarant, and Trans-id. The company wanted to handle

service requests more quickly and consistently. After a workshop with Axians and Microsoft, use cases were selected and a proof-of-concept was launched. Axians implemented Maestro, a data platform on Microsoft Fabric, as the central foundation. From Maestro, AI models are fed product information and manuals, enabling incoming service emails to be automatically answered. Employees check and send the responses, ensuring consistent style and tone. Today, more than half of all questions are handled automatically. Next steps include monitoring, predictive maintenance, and feeding insights back to R&D and installers.

According to Kanis, this shows how AI, if properly embedded, can deliver tangible value: “These are no longer experiments—these are productive applications accelerating business processes.”

Injecting AI

There are other concrete examples as well. Axians already provides AI dashboards with health analyses through its Network as a Service proposition, which also tracks CO2 footprints. This is being applied in government, education, and the energy sector. In retail, video analytics are used to detect shoplifting and

‘These applications show that AI cuts across existing ICT landscapes’

shorten response processes. In finance, AI processes emailed invoices, links them to the right file, and routes them directly to payment.

“These applications show that AI cuts across existing ICT landscapes,” says Collet. “From infrastructure to applications, we are injecting AI step by step into all our services and solutions.”

Axians uses its own organization as a testbed. “We have more than a thousand employees using Microsoft Copilot,” says Kanis. “We also continuously analyze our own service processes and managed services to see how AI can add value. That way, we test what works and what doesn’t in practice—and use that experience in client projects.” Within VINCI, Axians’ parent company, there is also a strong overarching AI initiative, Leonard, which bundles knowledge internationally and supports business challenges across the group.

The right translation

It is essential that CIOs not only understand technology but also their sector and policies. “We give CIOs the right language for the boardroom. Over the past years, we have actively supported CIOs and IT directors from 77 organizations with tracks around questions like ‘how do I organize innovation’ and ‘how do I create a framework for digital transformation’—so that IT is clearly aligned with the board,” says Kanis. “Policies such as the national digitization strategy must be translated into concrete actions and numbers.”

Collet adds: “Through these tracks we provide up-todate knowledge, context, and the necessary frameworks. That speeds up decision-making and ensures alignment with strategic goals.” Axians will again launch a new track for its clients this year.

Stefan Collet

AI breaking through silos

They expect AI to blur the boundaries between traditional IT silos even further. “AI has the power to break through those silos,” says Kanis. “The question is: what will remain of separate infrastructure, data, and applications when AI becomes more generic?”

For CIOs, the challenge will be to design architectures that safeguard flexibility and compliance—even across platform boundaries. “Processes, governance, and capability-building are becoming just as important as technology choices,” Collet stresses. “Especially as more new technologies become available at reasonable cost—like satellite communication now, and soon Artificial General Intelligence, Superintelligence, Quantum, and Biotech. It’s a hyper-interesting time!” Kanis concludes. 

‘ People Are the Key to Cybersecurity’

Technology is evolving rapidly, but organizations are increasingly realizing that successful digital transformation is not only about systems and processes. The human factor is proving to be just as important. Lijong Tjang A Tjoi, Senior Director of Sales International at KnowBe4, explains how CIOs can tackle this challenge by no longer seeing employees as the weakest link, but rather as partners in securing digital innovation.

According to Tjang A Tjoi, the CIO’s role is changing fundamentally. “Where the CIO was once mainly seen as responsible for IT and infrastructure, we now increasingly see the role of change manager. It’s about transforming business activities with technology, processes, and people. CIOs must strike a balance between driving innovation and managing risk.”

That balance has become more complex with the rapid introduction of new technologies, especially in the field of AI. CIOs face both opportunities and new threats. Here, KnowBe4’s Human Risk Management platform, HRM+, plays a crucial role. “Traditionally, the user was portrayed as the weakest link in cybersecurity,” says Tjang A Tjoi. “We help CIOs see employees as critical partners in defending against cyber threats.”

From Weakest Link to Partner

This shift in mindset is essential. Instead of treating employees as a risk, they are involved in defending against cyberattacks. That requires a cultural change.

‘Human actions are in most cases the root cause of a successful attack.’

“Our HRM+ platform supports that transition,” explains Tjang A Tjoi. “With our DEEP framework— Defend, Educate, Empower, Protect—we offer CIOs a structured approach to managing the human side of technological change. Security then stops being a barrier to innovation and becomes an enabler.”

A key part of this is making human risk measurable. KnowBe4 uses data-driven analytics for this purpose. “We show how vulnerable an organization is to phish -

ing attacks, which departments carry elevated risks, and which individuals need extra support. Based on these metrics, CIOs can make informed decisions— for example, where additional training or budget is needed.”

Quantifying Human Risk

Where risks around systems and infrastructure have been measurable for years, this was long not the case for human behavior. KnowBe4 changes that by analyzing behavior and translating it into clear metrics.

“We have fifteen years of behavioral data that we analyze with AI,” says Tjang A Tjoi. “That allows us to detect, for example, a sudden spike in phishing clicks within a department in real time. CIOs and security teams can then respond proactively.”

The data shows that the biggest danger still comes from social engineering. “Between 70 and 90 percent of successful attacks are caused by social engineering,” says Tjang A Tjoi. “Often it’s a simple click on a link in an email. We also see risks from not patching systems on time or compromised passwords. But the core remains: human actions are in most cases the root cause of a successful attack.”

Training, coaching, and providing real-time feedback to employees can drastically reduce that risk. “The key is not to do this generically,” stresses Tjang A Tjoi. “It’s about personalized education, tailored to the behavior and risk profile of each employee. Not onesize-fits-all, but custom training.”

Broad Organizational Impact

The topic of human risk management touches multiple disciplines within organizations. Beyond CIOs and CISOs, HR, compliance departments, and SOC teams are also involved. “Security is not just about technology; it also concerns behavior, culture, and policy,” says Tjang A Tjoi. “That’s why multiple stakeholders

HUMAN RISK MANAGEMENT

are part of our programs. A holistic approach is necessary to be effective.”

This aligns with Gartner’s theme Agents of Change. The CIO must bring parties together and ensure broad organizational support for secure digital working. Partners play a crucial role here. “Our goto-market model is partner-driven,” says Tjang A Tjoi. “Partners advise customers and guide them in the transition to human risk management.”

AI as Driver and Threat

AI plays a dual role: both as a driver of innovation and as a source of new threats. Attackers are using AI to make phishing attacks more convincing and scalable.

“We see an exponential increase in AI-driven attacks,” warns Tjang A Tjoi. “Attackers use AI to create persuasive phishing emails or commit identity fraud through deepfakes.”

On the other hand, AI also helps organizations

defend themselves. KnowBe4 uses AI to analyze risk profiles and provide personalized training. “It’s not about surveillance but about giving employees the right support at the right time,” Tjang A Tjoi explains.

“If someone has a high-risk profile, they receive more coaching. It’s supportive, not punitive.”

AI also helps integrate with existing cybersecurity stacks. By linking employee behavioral data with technical signals from, for example, SIEM or endpoint systems, a richer picture of risks emerges. “That way we can reduce false positives and give security teams more room for strategic initiatives.”

Practice

KnowBe4 works with more than 70,000 customers worldwide, from multinationals to SMEs. Although specific names are often confidential, Tjang A Tjoi sees clear trends. “Organizations that focus on personalized training and continuous coaching significantly reduce their risk profile. By integrating with existing security systems, they also gain faster insight into threats and can act proactively.”

A key difference from traditional approaches is that it’s not only about click rates during phishing tests.

“We focus on a holistic picture of user risks,” explains Tjang A Tjoi. “By structurally monitoring behavior and supporting employees in real time, you build a strong security culture. That goes beyond awareness; it ensures employees make the right choices every day.”

Compliance and Regulation

Beyond reducing risks, the HRM platform also helps organizations meet compliance requirements. Regulations such as the NIS2 directive set explicit demands for security awareness and processes.

“Compliance is here to stay,” says Tjang A Tjoi. “Organizations must be able to demonstrate they have implemented processes to strengthen their cyber resilience. Our platform supports that by giving insights into risks and showing which trainings and measures have been taken.”

“We will increasingly embed AI in our HRM+ platform. The goal is to help employees and organizations make the right decisions to protect their valuable data and assets with the support of agentic AI.

We want to use AI in a way that is transparent and trustworthy—one that strengthens the human factor rather than replaces it.”

Identity management as the foundation for secure AI adoption

CIOs are increasingly seen as the drivers of innovation, tasked with leading their organizations through the wave of digital transformation and AI adoption. In this landscape, identity management plays a crucial role. Mark van Leeuwen, Regional Vice President Benelux & Nordics at Okta, shares his view on the biggest challenges organizations face.

According to Van Leeuwen, there are few sectors where digitalization is not in full swing. “Whether you look at healthcare, government, or financial institutions—you see a strong acceleration toward cloud and digital processes everywhere. In recent years, AI has become the engine behind that digitalization. Organizations are mainly asking: how do I safely extract value from AI, for my platform, my applications, and my business processes?”

CIOs play a key role in this. “We see many CIOs truly stepping up as agents of change. Their role has shifted from risk-averse to future-defining. They don’t want to be the barrier to innovation, but the enabler. That is only possible if they can deploy AI applications securely, at scale, and in compliance.”

Non-human identities

One striking aspect Van Leeuwen highlights is the growth of so-called non-human identities. “Every AI agent, every autonomous process, or automated script essentially represents an identity within the organization. As AI adoption broadens, the number of these digital identities is growing explosively. CIOs must therefore secure not only human users but also integrate these non-human identities into their security and governance frameworks.”

Okta addresses this with a platform

that manages and protects both human and non-human identities. “We ensure CIOs have complete visibility into their identity landscape. That means insight into which identities exist, what rights they have, how they behave, and whether this is safe and compliant. This allows organizations to adopt AI without taking unnecessary risks.”

First-class citizens

Identity management is often already reasonably well organized for human users, with access through SSO or MFA commonplace, as well as automated lifecycle management for on -

agents active within the organization into the identity security fabric. “That is our concept of a holistic, secure layer around all identities in an organization. It ensures both human and non-human identities function securely and compliantly, remain fully visible, and operate within the right policy frameworks.”

Governance

Governance plays a central role in this. “AI opens enormous opportunities, but it’s not enough to look only at the attractive applications. Organizations must also think carefully about governance and ethics. How do you ensure AI

‘With AI agents, a whole new category of identities emerges. It is essential that organizations treat those identities as first-class citizens’

boarding, transfers, and offboarding. But the arrival of AI changes the rules of the game. “With AI agents, a whole new category of identities emerges. It is essential that organizations treat those identities as first-class citizens. In other words, as if they were employees. They need governance, clear policies, monitoring, and ethical safeguards.”

To facilitate this, CIOs can use the Okta Platform, which integrates all AI

agents don’t take unwanted actions? How do you guarantee compliance with regulations such as NIS2 or the AI Act? Identity governance provides the foundation for this.”

In practice, Van Leeuwen sees that organizations usually have their identity governance well arranged for human users, but far less so for AI-driven identities. “That’s where a major opportunity lies to reduce risk and strengthen trust in AI adoption.”

The CIO as an Agent of Change in a dynamic environment

At Gartner IT Symposium/Xpo 2025 in Barcelona, the theme Agents of Change will take center stage. The CIO is positioned as a catalyst for digital transformation in a time when AI, cyber threats, regulation, and geopolitical developments are shaping the course of the IT sector. Dutch IT Channel spoke with Eugene Tuijnman, CEO of SLTN.

According to Tuijnman, three issues remain high on the CIO agenda: cybersecurity, workforce continuity, and data governance. “Security is naturally top of mind, especially given the incidents we have seen recently. At the same time, the aging of IT teams is an issue. Experienced staff are retiring, and CIOs must decide: do I outsource, co-source, or look for other models?” Another concern is the vulnerability of data. “Companies are asking themselves whether their information belongs in the public cloud or whether private solutions are safer. This is also influenced by the growing impact of regulation such as NIS2, which makes not only companies but also executives personally responsible.”

This combination of threats and obligations leads to strategic questions. Whereas until recently it was common practice to migrate applications to the public cloud by default, there is now growing demand for hybrid models and local alternatives. “Private cloud providers are receiving more attention. In the Netherlands, Azure has traditionally been strong, but nowadays you see CIOs choosing hybrid models more often. The geopolitical context reinforces this trend.”

Geopolitics

According to Tuijnman, the influence of geopolitics should not be underestimated. The unpredictability of U.S.

policy choices and the intertwining of technology companies with political interests create uncertainty.

“The fact that the Trump administration suddenly took a stake in Intel without clear justification shows how dependent the world can become on political whims. Who’s to say this won’t happen tomorrow with Microsoft? If the U.S. government acquires a strategic stake in a company where virtually all European organizations store their data, that is a real risk. CIOs are increasingly taking this into account.”

Trade tensions also play a role. New

is still alive at companies, for example in fleets and energy consumption, but it is less central in CIO discussions.”

AI beyond the hype

An undeniable theme in Barcelona is artificial intelligence. For Tuijnman, the rise of agentic AI is especially interesting where it leads to concrete automation.

“Until now we have mainly seen AI in text applications such as ChatGPT. That is useful, but the real change comes with agentic AI that can follow up and execute workflows. The point is

‘The real change comes with agentic AI that can follow up and execute workflows’

tariffs or import duties can significantly affect the price and availability of IT products. Large manufacturers have no clear answers yet. “Even major IT suppliers say they cannot provide clarity on the impact of U.S. measures. That shows how uncertain the situation is.”

“Sustainability remains important, but in practice there are now more urgent issues. AI consumes a lot of energy, and that clashes with sustainability goals. At the same time, there is no consistent policy. Why should you pay for feeding solar energy back into the grid, when we actually need more sustainable generation? Sustainability

that systems not only provide answers, but also initiate actions. That is when AI becomes truly integrated into business processes.”

According to Tuijnman, such applications will become broadly visible within a year and a half, both in business and consumer use. “We all use WhatsApp, in which Meta AI is now embedded. Without realizing it, AI is entering our daily lives. For companies, this means they must now discover what the benefits and risks are.”

Tuijnman also points to the role of humanoid robots in combination with AI. “NVIDIA recently announced a chip that can function as a robot brain. If

VISION ON TRENDS

components like that become affordable and are combined with generative AI, robotics could accelerate rapidly. Especially if companies like Tesla start offering their humanoids at affordable prices. For relatively simple production work, that is attractive. This brings a digital 24/7 economy closer.”

Although CIOs are not concerned with such future visions on a daily basis, Tuijnman says the link with AI is highly relevant. “CIOs are focused primarily on compliance, staffing, and costs. Robots and AI are often still trendwatching for them. But as soon as generative AI can reliably carry out workflow tasks, it becomes a factor the CIO cannot ignore.”

China

In addition to the U.S., China is also

playing an increasingly important role in the market. Chinese companies are more often choosing to manufacture in Europe, for example in Hungary. “Lenovo is already producing there, presenting itself as European. That makes it harder to exclude Chinese suppliers in tenders. Moreover, Chinese products increasingly meet European standards and are competitively priced. Combined with unpredictable U.S. policies, you see a growing willingness in Europe to work with Chinese suppliers. The same is visible in the automotive sector, where Chinese brands have become fully-fledged competitors.”

Critical processes

For SLTN, this context means the company is focusing explicitly on managed services and niche markets such as

IBM AS/400 environments. “We recently signed a ten-year contract with a major insurer to keep AS/400 systems operational and modernize them.

With Watson Code Assist, we are even experimenting with AI programming in RPG, so that legacy applications can be adapted and, if necessary, converted to modern SaaS solutions with lowcode. This allows us to offer customers functionality on a subscription basis while keeping their critical processes running.”

SLTN is also investing in cybersecurity, with an emphasis on quantum-safe encryption. “The chance that you will be hacked is real. The difference lies in ensuring that stolen data remains unreadable. Real-time encryption, resistant even to future quantum computers, will become essential. That is closer than many people think, and we are investing heavily in it.”

Agents of Change

According to Tuijnman, the symposium theme Agents of Change has multiple meanings. For CIOs, it means balancing compliance, staffing issues, cost pressures, and the opportunities of AI. For suppliers and service providers, it means supporting them with managed services, innovative AI applications, and robust security solutions. And for the market as a whole, it means coping with geopolitical unpredictability and the influence of capital.

“CIOs are essentially facilitators of the course their organization chooses. They must enable that course with technology. At the same time, they face forces over which they have little control: geopolitics, private equity, regulation. Our role as SLTN is to support CIOs with solutions that keep them agile, so they can fulfill their role as agents of change.” 

‘ Make sure you as CIO are part of the plan –not part of the problem’

The role of the CIO is in transition. Where technology was long seen as primarily supportive, today’s digital reality demands leadership. According to Pieter Molen, Country Director at Trend Micro, this is the moment for CIOs to become true Agents of Change in shaping digital transformation and cybersecurity strategy.

CIOs face a series of complex challenges, but within that complexity also lie great opportunities. Molen believes it is essential that CIOs do not allow themselves to be pushed back into the role of executing “technicians,” but instead position themselves as strategic directors of change.

“If you embrace the speed of technological developments while ensuring solid governance and risk management, you can, as CIO, truly contribute to business innovation.” Those who fail to take on this directing role risk being sidelined, and ultimately held accountable for decisions in which they had no influence.

“It’s not just about facilitating—it’s about enabling the business to innovate,” Molen emphasizes. “If you only keep thinking in terms of limitations and not in opportunities, you sideline yourself as CIO. Then you won’t be a change agent; instead, you’ll inherit all the problems created by others.”

AI: the new ‘bring Your own’

The rapid acceleration of technology plays a central role here. “Just as we saw earlier with the rise of cloud and SaaS, AI is now often introduced outside of the IT department. With cloud, we saw business units contracting their own vendors without involving IT. That led to shadow IT, loss of control, and increased risks. The same thing is happening now with AI.”

Molen argues that CIOs must actively position themselves as full-fledged partners to general management and business units. “Are you part of the plan, or do you become part of the problem that arises without your involvement?”

“Generative AI is currently being used in many places without any policy in place, let alone control,” he says.

“Confidential information is copied into ChatGPT or other tools without realizing that this data may inadvertently be shared or stored. Suddenly, you have a GDPR issue before you even notice.”

New forms of ransomware

Ransomware is a good example of how threats are evolving. Where attackers once encrypted systems to demand

about data exfiltration and extortion. Organizations receive a message: buy back your own data, or we will publish it.”

Organized crime and nation-state actors

Molen identifies two fundamental categories of threats: organized cybercrime and nation-state actors. “Organized criminals increasingly operate ransomware-as-a-service, complete with helpdesks and negotiation services. Some are more customer-friendly than commercial service desks, as long as you pay.”

On the other side are nation-state actors such as Russia, North Korea, and China, but sometimes also Western allies. “Very few countries are holier-than-thou. Nation-states have dif-

‘The systems on which AI runs must be just as well protected as traditional IT.’

ransom, they now increasingly steal confidential information and use it to blackmail companies. “The advantage for attackers is that they don’t need to perform encryption, which requires less tooling. It also stays more under the radar. The organization suffers damage, not by systems being shut down, but by the threat alone—often enough to make them pay.”

“The traditional form of ransomware is being bypassed more often. Now it’s

ferent goals: information and strategic data. They want to remain unnoticed inside an organization for as long as possible.”

“There are known cases where hackers remained present in a network for years without being detected,” Molen adds. “Their goal is not immediate money, but long-term access. Sometimes an organization has no idea that their systems have been observed for months or years.”

NIS2

The greatest threat lies in the invisible.

“The fact that you’ve never received a ransomware note does not mean you haven’t been attacked. Some organizations have already been compromised for months, or even longer, without knowing it.” Continuous monitoring is therefore essential. NIS2 can play an important role here. “Many organizations see NIS2 as just another compliance obligation, but it is actually an excellent manual for truly improving your security.”

“It all comes down to insight,” he says. “What does your IT infrastructure look like, including cloud, SaaS, partner connections, and of course how and where AI is being deployed? What are your real risks, not just technically, but also in terms of impact? How do you compare to similar organizations?” He emphasizes that with such insights,

CIOs can make well-founded decisions. “A risk that occurs once every twenty years but requires millions to mitigate may rank lower than a recurring problem costing €1,000 per month.”

AI as risk and as solution

AI brings new challenges, but here too, basic measures remain essential. “The systems on which AI runs must be just as well protected as traditional IT. But there is more: controlling prompt usage, data flows, and access management.”

Trend Micro is working on both sides of the AI challenge. “We deliver security for AI by protecting the infrastructure on which AI runs, but we also use AI for security. Our Cybertron LLM helps our customers better defend themselves, predict attack patterns, and determine where the greatest risks lie.” This is crucial because prevention is better than cure.

Sovereign environments

Another development Molen observes is that more organizations are building their own AI applications. “This leads to demand for private AI environments— fully controlled environments where companies train their own models, increasingly in fully sovereign setups.” Trend Micro is developing security solutions for these sovereign private stacks, together with partners such as NVIDIA.

“We see a clear trend toward sovereign IT services,” says Molen. “Organizations want full control over their models, infrastructure, and data—often separate from public platforms.”

Partners

The partner ecosystem is becoming increasingly important. “Security has become a C-level topic, but not every organization has the capacity to handle everything themselves. Partners can support their customers with managed services and strategic advice.” Molen also sees partners transforming their own business models. “Our solution functions as an enabler. With it, you can not only secure but also build new consultancy and service offerings.”

“By positioning themselves as strategic directors of change, CIOs can not only drive technological innovation but also proactively manage risks and develop effective strategies. Leveraging compliance, AI, and security as tools rather than obstacles gives CIOs the opportunity to strengthen their role and make a crucial contribution to the sustainable growth and continuity of the organization.” 

Tanium helps CIOs create order in complexity

CIOs and other leaders today must not only guide change but actively drive it. In a time when cyber threats are becoming more advanced, budgets are under pressure, and AI technologies raise both new promises and new concerns, the role of the CIO has changed dramatically. In a conversation with Conrad van Veenendaal, Director of Strategic Accounts at Tanium, and Dan Jones, Senior Security Advisor EMEA at Tanium, it becomes clear that the challenge for organizations lies not primarily in technology, but in people, processes, and the art of collaboration.

Dan Jones points to a striking trend: the recognition that cybersecurity and IT management no longer remain within the boundaries of a single organization. “Everyone in an operational role, from an engineer at the keyboard to executives at board level, knows that collaboration beyond one’s own walls is essential,” he says. “That applies both to engagement with vendors and to information exchange with peers in other organizations or sectors.”

A recent example he cites is a Dutch government agency that became the victim of a large-scale DDoS attack. Although the incident was not specifically targeted at that department, information had to be shared with colleagues at great speed. “In that moment, you need to be able to call someone and ask: is this also a problem for you? Without those informal rules, you’re on your own.”

According to him, this underscores that collaboration has a human dimension that is just as important as technical measures. “Cybersecurity is larger than the borders of an organization. You need others to understand what is happening and how to respond.”

Platform approach

Alongside this human layer, Jones sees

a clear technological shift. Organizations want to achieve more with fewer resources. “A few years ago, effectiveness was all about how quickly a new product could be rolled out into the IT environment,” he explains. “But that often led to an uncontrolled sprawl of dozens of solutions, each requiring additional engineering to make them work together.”

In his view, the era of product stacking is over. The trend is toward consolidation and what he calls “platformiza -

safer or more efficient? The answer is usually ‘no’. More tools is not the solution.”

Agents of Change

How can a vendor contribute in this landscape? Tanium’s strength, according to Jones, lies not only in technology but in supporting organizational change. “Technology is often the easy part. The real challenge is how to achieve more outcomes with the same resources—people and money. That

‘Technology is often the easy part. The real challenge is how to achieve more outcomes with the same resources—people and money.’

tion”: fewer tools used more broadly. “It’s moving from forty individual products to a single platform. That demands change, and change is difficult because people are not naturally fond of it. But in cybersecurity, it’s the only constant.”

Conrad van Veenendaal recognizes this in discussions with representatives of the Dutch government. “I sometimes joke that they have nearly every software product under the sun. But if you ask the CIO or CTO: has that made you

requires leadership, culture, and trust.” He sees his role as broader than product consultancy. “I help CIOs and CISOs operate as agents of change. Sometimes that means providing reassurance, sometimes concrete advice. The most important thing is that they know they’re not alone. Everyone struggles with the same challenges, whether you work in defense or in the financial sector.”

Van Veenendaal adds that Tanium distinguishes itself by not only deliv -

ering technology but also connecting customers. “We take delegations to international conferences, we share best practices, we show how other organizations tackle the same issues. That’s just as valuable as the technology itself.”

Doing more with less

Van Veenendaal continues: “CISOs tell me they need to deliver more, not only with smaller budgets but also with fewer people. The labor market is tight, and a large part of the existing workforce is retiring. So there’s a double challenge: financial and resource-related.”

That is why the demand for efficiency is growing. How can organizations automate processes and reduce workloads? Jones highlights the role of AI, while also putting the hype in perspective. “I often hear that AI is equivalent to Terminator-like scenarios. But in practice, it starts with automation and orchestration: letting computers do more of their own work so people can focus on more complex tasks.”

Autonomous endpoints and cyber hygiene

A concrete example is autonomous

endpoint management. “Many attacks begin with simple reconnaissance: looking for open back doors,” says Jones. “If you depend on people manually pushing buttons to respond, you’re too late. Computers must be able to maintain their own cyber hygiene and close basic vulnerabilities themselves. Staff can then sense-check and concentrate on strategic threats.”

This shifts the role of the IT professional. “It’s not about people losing their jobs,” Jones emphasizes, “but about enabling them to focus on higher-value tasks. Leadership is crucial here: staff need to feel supported and understand that technology is there to help them, not replace them.”

AI in practice

AI nevertheless raises fundamental questions, particularly in boardrooms. “Companies are investing in tools like Copilot,” says Jones, “but the key question remains: what does this deliver to the bottom line? Working more efficiently is great, but how do you translate that into financial benefits?”

At Tanium, AI is used in cooperation with tools such as Microsoft Security Copilot. “Because Tanium can provide real-time data, Copilot can answer

questions like: ‘What is my biggest risk today?’ Tanium AEM can then immediately suggest fixes and begin remediation,” Jones explains. “This lowers the threshold for less experienced staff to help manage an organization securely.”

Van Veenendaal notes that the Dutch government is cautious about adopting AI, partly because of privacy rules and past scandals involving data-driven decision-making. “AI is currently used mainly for practical purposes, such as transcriptions or meeting summaries. They are still reluctant when it comes to strategic decision-making. Governance and transparency are crucial prerequisites.”

Leadership above technology

Technology therefore plays an important role, but it is rarely the problem. The real difference is made by leadership, vision, and the willingness to let go of old habits. As Jones puts it: “Change is the only constant. The question is not whether, but how quickly your organization can adapt. The CIO who leads from the front makes the difference between merely surviving and moving forward.” 

Cybersecurity as a catalyst for digital transformation

“Cybersecurity is often seen as a cost center, but in reality it is a catalyst for digital transformation,” says Anne Karine Hafkamp, Benelux Director at mnemonic. In the run-up to Gartner IT Symposium/Xpo 2025 in Barcelona, where the theme Agents of Change takes center stage, she emphasizes that CIOs and CISOs increasingly want to know how security can not only reduce risks but also accelerate innovation.

That question is more urgent than ever. Organizations are heavily investing in AI and cloud-first strategies, but these very transformations introduce new threats. Hafkamp: “Decisions to apply AI also introduce new risks. It’s important for CIOs to understand that impact so they can make strategic choices without losing sight of security.”

Strategic partnership

mnemonic positions itself as a strategic partner for CIOs and CISOs. “We always aim for a partnership that goes beyond a technical implementation,” Hafkamp explains. “It’s about acting as an extension of the organization— setting up governance, processes, and technical measures so that security maturity increases. Not only now, but with the future in mind.”

That strategic perspective is necessary to give CIOs the space to fulfill their role as agents of change. Operational security tasks can distract CIOs from their transformation agendas. “Through our services, we relieve the CIO and the C-level of operational burdens. That gives them the room to truly focus on transforming their organizations,” says Hafkamp.

Cloud migration and compliance

One concrete example is a large municipality where mnemonic provides 24/7 Managed Detection and Response

(MDR) services. “We standardized dashboards and reports so the CIO has direct insight into risks and performance, without having to collect all the data themselves,” Hafkamp explains. “That saves time and makes it possible to pursue a cloud-first strategy without compromising security.”

Compliance is also playing a growing role. With the arrival of the NIS2 directive, security is not just an innovation enabler but also a legal obligation. “Security must enable innovation, but it also safeguards governance and compliance. That makes it strategically relevant for every organization.”

indistinguishable from the real thing.” Research and development have been a cornerstone of mnemonic for 25 years. The company works closely with universities, governments, and industries on practical research projects to develop new standards and solutions for complex cybersecurity challenges. Wherever possible, mnemonic makes results publicly available. “That way, we not only contribute to innovation in the market but also ensure our customers benefit from the latest insights,” says Hafkamp.

‘Sustainability for us also means optimizing existing software and infrastructure, so customers don’t have to make unnecessary investments’

New threats from AI

The CIOs mnemonic engages with often have the same core question: what is AI’s impact on security? “The reality is that AI brings both opportunities and threats,” Hafkamp says. “Phishing remains the biggest threat worldwide, but AI is making attacks much more sophisticated. Where poorly written emails used to be easy to spot, AIgenerated messages are now nearly

A current example is the AInception project, supported by the European Defence Fund. Here, mnemonic is researching how AI tools and techniques can improve cyber defense operations. The focus is on AI-driven detection for military IT/OT systems and AI-based contextualization of alerts for riskaware response. All knowledge and results from such R&D initiatives eventually flow back into commercial services. Hafkamp: “This ensures we keep innovating and improving our services so customers are better protected.”

Security across multiple levels

Because the impact of security challenges is both technical and strategic, mnemonic emphasizes the importance of engaging with different levels of the organization. “The CIO looks primarily at business impact and sees how security can support digital transformation. At the same time, the CISO must understand the technical implications,” says Hafkamp. “Both perspectives are necessary. Business and technology cannot be separated.”

To bridge that gap, mnemonic developed dashboards that translate cyber risks into KPIs. “This allows a CIO to demonstrate exactly where security investments have had the greatest effect on risk reduction and trust. It makes budget discussions far more transparent.”

IT and OT

Another theme increasingly on the CIO agenda is the security of operational technology (OT). mnemonic has more than a decade of experience here, rooted in the company’s Norwegian origins in the energy sector. “The integration of IT and OT is complex,” Hafkamp explains. “OT systems have longer lifecycles, use different protocols, and were originally closed networks. But digitalization is forcing them to become more accessible, which introduces new risks.”

That urgency is reinforced by the NIS2 directive, which obliges many critical sectors to take action. “We can integrate IT and OT into one overview, giving organizations a complete picture. That is unique, because IT and OT are often still separate worlds that struggle to communicate with each other.”

“Since we operate both an IT SOC and an OT SOC, we can bring the two

domains together in one view. Customers then have a single partner who understands both worlds. That avoids clashes between different parties speaking different languages.”

Ecosystem and partnerships

In the fast-changing security market, mnemonic collaborates closely with technology partners and vendors. “In addition to our own SOC services, we integrate solutions from suppliers that are state-of-the-art and extensively tested by us,” Hafkamp says. “Where needed, we combine their technology with our services to offer a complete solution. Especially in AI, vendors are evolving rapidly—and we embrace that.”

For the near future, mnemonic is focusing on further deepening OT security, as well as on threat intelligence and threat hunting. Hafkamp: “Cybersecurity remains a cat-andmouse game. With more than 400 specialists, we are fully focused on preventing and detecting attacks. At the same time, we are the safety net if

something does go wrong. Continued investment in knowledge and expertise is essential for organizations’ longterm survival.”

Sustainability and human capital

Beyond technology and processes, Hafkamp also emphasizes sustainability — both in terms of ESG goals and in the way mnemonic manages its people. “Sustainability for us also means optimizing existing software and infrastructure, so customers don’t have to make unnecessary investments. Our technology-agnostic platform enables integration without repeatedly reinvesting.”

But sustainability also applies to the organization itself. “We put work-life balance at the center. Our absenteeism rate is below 3 percent, and staff turnover has been under 5 percent for years. That provides stability and certainty for customers as well,” Hafkamp says. “We are growing steadily, which makes us relevant for the long term.” 

AI-DRIVEN IT OPERATIONS:

LogicMonitor helps CIOs do more with less

The role of the CIO is changing rapidly. Where it once focused primarily on managing infrastructure and keeping systems running, today’s CIO is increasingly under pressure to directly support the business in growth and innovation. Three themes dominate: the need to do more with fewer resources, the complexity of hybrid IT landscapes, and the use of artificial intelligence to make processes smarter and more predictable.

In this landscape, LogicMonitor positions itself as a partner for CIOs who want to bridge the gap between IT performance and business value. Vincent Onderdelinden, Regional VP Sales at LogicMonitor, sees daily how organizations struggle to make optimal use of their IT capacity. According to him, CIOs’ agendas are currently dominated by one fundamental question: how can we do more with less?

“Organizations must keep delivering new projects, such as cloud migrations or application development. But in reality, IT support teams still spend too much time on daily incidents. Problems that could be resolved at first line often end up with secondand third-line engineers. As a result, they lack the capacity to tackle the truly critical issues.” This inefficiency slows down innovation programs and prevents CIOs from achieving their strategic goals. The pressure to deploy IT resources more intelligently continues to grow.

Control

LogicMonitor helps CIOs gain control over this challenge. The core of its proposition is complete end-to-end visibility into the hybrid IT landscape: from networks and servers to cloud environments and applications. “Many monitoring solutions are fragmented,” Onderdelinden explains. “We bring all those components together into one platform. That gives the CIO not only insight but also control. Crucially, it

goes beyond reactive action—it enables proactive and predictive operations.” This lays the foundation for a model in which incidents are detected earlier, often even prevented, and the IT organization becomes more predictable and agile.

Automation is a key part of LogicMonitor’s approach. Where traditional monitoring environments often require manual setup and maintenance, LogicMonitor opts for a largely automated process. “A good example is our collaboration with SAP in Germany,” says Onderdelinden. “There, thousands of network devices needed to be monitored in a short time. Within two days, most were operational on our platform. That’s only possible thanks to extensive automation and the out-of-the-box value proposition we provide.” Speed and scalability, he notes, are essential at a time when IT landscapes are constantly changing and companies are adopting new technologies ever faster.

Edwin AI

Beyond automation, AI plays a central role in LogicMonitor’s vision. The company has developed an AI layer called Edwin AI, named after astronomer Edwin Hubble. “Edwin AI is designed to evolve into an IT operations assistant,”

explains Onderdelinden. “It can correlate events and issues, perform root cause analyses, recommend contextual solutions, and eventually resolve problems autonomously. This significantly boosts engineer productivity without requiring IT organizations to grow in size.”

This approach fits into the broader trend of AIOps, where IT operations processes are increasingly supported—and sometimes even taken over— by AI.

With the rise of AI comes the question of transparency and reliability. Especially now that the European AI Act sets clear guidelines, explainability of AI is crucial. “We find it important that customers understand why the AI makes a recommendation,” Onderdelinden emphasizes. “That’s why mechanisms are built into the platform to log and validate AI actions. Recommendations are always presented in a traceable way, so they can be integrated into existing ITSM processes. This ensures AI remains reliable and manageable.”

Value

The value of this approach is evident across industries. For example, LogicMonitor helps hospitals guarantee continuous access to electronic patient

‘Previously, it could take hours to detect incidents. Now problems are identified proactively’

records (EPRs) and proactively monitor critical equipment such as MRI scanners. “In healthcare, downtime can immediately impact safety and quality of care,” says Onderdelinden. “By detecting issues early, we ensure doctors and nurses always have access to vital information.”

Another example is a Belgian logistics company that consolidated six monitoring tools into LogicMonitor. The result: 75 percent fewer incidents and faster delivery of medication, directly improving the quality of healthcare supply chains. In aviation, too, the impact is tangible. A major airline uses

LogicMonitor to monitor around twenty applications essential to flights, crew planning, and booking systems. “Previously, it could take hours to detect incidents. Now problems are identified proactively, leading to fewer delays, fewer claims, and higher customer satisfaction.”

Partners

LogicMonitor also works closely with technology and implementation partners to strengthen its proposition. “We have integrations with major tech vendors such as Cisco, AWS, Microsoft, and ServiceNow,” says Onderdelinden.

“And our network of implementation partners is expanding rapidly, with organizations like NTT, Deutsche Telekom, and Infosys. This ecosystem is essential to support enterprise customers worldwide.”

Looking ahead, LogicMonitor is focusing on Autonomous IT and Agentic AIOps, where IT operations are not only monitored but actively enhanced with AI. “We are moving toward a situation where AI agents act as virtual colleagues,” Onderdelinden explains. “They analyze data, find solutions in internal documentation or vendor systems, and automate tasks that would otherwise fall to IT support teams. This creates an ecosystem of virtual employees that makes the entire IT chain more efficient.”

What is becoming increasingly important, he says, is the link between IT performance and business outcomes. “It’s no longer just about whether a network is functioning. CIOs want to know how IT contributes to uptime in factories, availability of point-ofsale systems in retail, or reliability of e-commerce platforms. LogicMonitor makes these connections visible, showing directly how IT impacts revenue, customer satisfaction, and risk management.”

The CIO as director

This shifts the CIO’s role from operator to director of change. Technology partners like LogicMonitor support them in that transition by automating operational processes, making them predictable, and linking them directly to business objectives. With AI-driven agents, end-to-end monitoring, and a strong ecosystem, LogicMonitor aims to enable CIOs to truly become Agents of Change: leaders who deliver more impact with fewer resources and thereby accelerate digital transformation. 

Digital autonomy, open source, and the new role of the CIO and CTO

The digitalization of organizations is at a tipping point. Whereas CIOs and CTOs were long focused mainly on cost control and consolidating infrastructure, the agenda is now shifting toward innovation, digital autonomy, and strategic decision-making. IT leaders are becoming architects of renewal, tasked with making choices about data, cloud, open source, and artificial intelligence within a geopolitically and economically complex environment.

In this context, Bert Boerland, Senior Account Executive at SUSE, places the discussion in a broader perspective. He outlines how organizations balance efficiency at the core with experimentation at the edges of their IT landscape, how multi-vendor strategies and open source are becoming tools to avoid lock-in, and how the shift from cloud to on-premises relates to the search for greater control over data.

From cost reduction to innovation

According to Boerland, a clear change is visible in his conversations with CIOs and CTOs. Where the focus a few years ago was on reducing costs, it is now increasingly on innovation.

“In the past, it was about cutting as deep as possible, down to the bone, so to speak. Now it’s about building muscle. Cost reduction hasn’t disappeared—commodity services will always have to become cheaper—but investment is moving more and more toward the periphery, the edges of the IT landscape where experiments can be carried out with new technologies such as AI.”

He compares this to the development of cities. At the center everything is tightly organized and standardized, like an American grid. But it is at the fringes, in creative hubs, where

innovation emerges. “It’s the same in IT: the core must remain efficient and standardized, but renewal flourishes at the edges. That’s where the money is going.”

Digital autonomy

A key theme in this renewal is digital autonomy. Boerland emphasizes that he prefers to speak of autonomy rather than sovereignty. “Sovereignty suggests you can be completely independent, but that is an illusion. Technology is by definition a chain of international

ibly with standards and dependencies. That is also where SUSE is strong: open by design, sovereign by choice.”

Back from the cloud

Another movement Boerland describes is organizations pulling their data and applications back from the cloud. “We see a trend back toward on-premises, combined with open source. That is the highest form of autonomy. This is particularly important in the public sector, where sensitive data cannot simply end up in another

‘Autonomy means consciously choosing where you want to have dependencies, and where not’

cooperation. Chips come from Taiwan, assembly from China, software from the U.S. or Europe. Autonomy means consciously choosing where you want to have dependencies, and where not.” In practice, this translates into growing interest in multi-vendor strategies and open source. Organizations want to be less dependent on a few large suppliers and are looking for alternatives. “We see, for example, that Red Hat is struggling in Europe and that governments are actively looking at replacement solutions. Open source allows organizations to deal more flex-

jurisdiction. With geofencing solutions, we ensure that data and management remain within Europe, carried out by people with European passports. For some customers, that is crucial.”

Boerland acknowledges this may be less efficient than a global follow-thesun approach, but that it may be necessary to meet the demands of digital autonomy.

Renewed appreciation for Linux

Another shift Boerland observes relates to the desktop. Where office

automation for decades relied on heavy clients and local applications, the browser has increasingly become the central workstation.

“If you ‘live’ in the browser, it no longer really matters which operating system you use. That opens the door to lighter, cheaper alternatives, including Linux desktops. We see renewed interest in the public sector for SUSE Linux Enterprise Desktop, often combined with Nextcloud and other open source solutions. This allows organizations to reduce lock-in and increase digital autonomy.”

According to Boerland, this is not a return to old debates about Linux versus Windows but a new reality in which the browser is central. “The point is that you have the freedom to choose, and that is exactly what open source stands for.”

AI

SUSE has deeply embedded AI into its proposition. “We use AI in our services, for example in support and security, but always with people in control. Bias and false assumptions are a real risk. Open source offers an important counterbalance here: transparency and control remain with the user.”

In addition, SUSE facilitates AI workloads through Rancher, the company’s Kubernetes platform. “On Rancher, a wide range of workloads run, from the website of the Dutch House of Representatives to DigiD. AI can run on it just as well, often with GPUs. We provide the infrastructure and work with partners who develop AI applications. Our role is on the DevOps and infrastructure side, not in the application itself.”

Partners

SUSE, Boerland stresses, is a fully partner-driven organization. “Our customers are our partners. We provide the technology and knowledge, but implementation, management, and often innovation come from partners. That is why we invest heavily in partner programs, both globally and locally.”

Boerland believes that growth in IT does not necessarily mean everything must become bigger, but that quality must improve. “We need to redefine growth. It’s not about more systems or higher towers, but about more value, better quality, more autonomy.”

The human dimension

With AI, this is even more important. Boerland points to the risk of AI being trained on AI-generated data, which can lead to distortions. “We need to be critical about that. AI must serve people, not replace them. There will always be domains where AI can operate autonomously, but there will also be situations where a human must remain in control. That distinction will be crucial in the coming years.”

He therefore calls for clear rules and philosophical debates about the boundaries of AI. “We are only at the beginning. Quantum computing and new forms of AI will radically change the world. Technology should be allowed to develop, but we must set limits on how we handle data and how AI makes decisions.”

What matters, Boerland concludes, is the awareness that technology is always embedded in a broader context of people, processes, and societal values. “Technology has no limits to growth. But how we shape that growth—that is where the real choices are made.” 

Agents of change: AI moves to the core of the business

Artificial intelligence has rapidly shifted from experimental projects to a strategic priority. Organizations see the potential but struggle with how to deploy AI at scale and in a responsible way. At the upcoming Gartner IT Symposium/Xpo 2025 in Barcelona, themed Agents of Change, the role of the CIO in this transformation process will be central.

DuIn the run-up to the event, Dutch IT Channel spoke with Anna van den Breemer, Partner at EY and responsible for the AI Lab there, about the current state of the market. She sees that CIOs can no longer afford to wait: “The biggest pitfall is doing nothing. AI is changing the way processes are structured. It requires experimenting, learning, and, above all, involving the entire organization.”

Core processes

Many companies have started with isolated AI applications. An employee builds a model to search internal documents, or a team tests a chatbot. But the step toward structural value creation is a big one. “What we see everywhere,” says Van den Breemer, “is

‘The biggest pitfall is doing nothing. AI is changing the way processes are structured.’

experimentation at the margins. Useful, often handy, but without central oversight or a clear strategy. The challenge is in scaling. That requires well-organized data, established governance, and processes that are fit for AI.”

She argues for a step-by-step approach: select an initial use case, define clear criteria, apply the foureyes principle, and gradually improve data quality. “You don’t have to wait until your data landscape is perfect. Start with a clearly defined process, make sure you learn, and build from there.”

Readiness

The question is whether CIOs are prepared to take

this step. Van den Breemer: “CIOs understand the technology and its potential. What no one has yet figured out is how to consistently realize concrete value. There is no blueprint that works everywhere. We are in a time of uncertainty, and that demands transparency and collaboration. No one knows exactly what the future will look like, but we must begin.”

That starting point is often smaller than expected. It can be a simple use case rolled out in just a few months, rather than a project that stalls for a year or more in legal reviews or IT adjustments. “You have to make people AI-literate and ensure they understand what is happening. Only then can you scale.”

Value creation

EY’s AI Lab distinguishes between two types of applications. On the one hand, productivity gains: using models like GPT or copilots to handle repetitive tasks faster and more efficiently. On the other hand, process change: deploying agents that fundamentally redesign and redefine processes.

According to Van den Breemer, this second category is decisive for the future. “That’s where AI doesn’t just speed up work but actually changes it. Think of agents that independently process documents, fill out forms, or structure data. That strikes at the core of how organizations design their processes.”

AI in finance

EY itself has placed its finance and tax organization on an AI platform. Processes around reporting and compliance are supported by AI agents. One key lesson: implementing the first agents takes time. “We had to go through a change process that lasted six to twelve months. You face compliance requirements, approvals, and governance. But that experience now helps us advise clients: start small, make sure you get the necessary approvals, and learn how to move

from the first pilot to the next step.”

The consultancy division is also running pilots with an internal GPT environment, where all documents are securely accessible. According to Van den Breemer, this has already delivered 15 percent productivity gains. “An agent that prepares proposal documents or fills CVs with relevant skills saves an enormous amount of time. It also makes global knowledge instantly accessible.”

Governance and control

A key question is how organizations maintain control over the proliferation of experiments. “You don’t want all energy to be lost in scattered initiatives, but you also don’t want to be too rigid,” says Van den Breemer. EY therefore advises clients to put a clear governance structure in place: a program organization that maps all initiatives, sets priorities, and maintains a pipeline. “That way, you strike a balance between experimentation and making strategic choices.”

Safety and ethics are essential here. Companies want AI to run in their own closed environment, so sensitive data doesn’t leak through public models. “Responsible AI must be embedded from day one,” Van den Breemer stresses. “Not afterwards. You need experts to ensure applications comply with the EU AI Act and to carefully assess bias, privacy, and ethics. Especially with citizen data, this is indispensable. Nobody wants to risk another benefits scandal.”

The AI lab

To help organizations, EY has set up an AI Lab where companies can experiment in a sandbox environment. Teams have the opportunity within a few days to select use cases, build prototypes, and experience what AI can concretely mean.

“We always ask clients to bring multidisciplinary teams,” says Van den Breemer. “Not just IT, but also legal, privacy officers, and business representatives. That combination ensures that applications are usable and scalable.”

The lab offers both on-premises solutions for regulated sectors and pilots with large language models and generative AI. “Our goal is to make AI tangible and let organizations experience how to move from experimentation to structural value.”

Agents of change

The theme of Gartner IT Symposium/Xpo 2025— Agents of Change—ties in seamlessly. CIOs are the directors of digital transformation and face the task of guiding their organizations through this uncertain phase.

For Van den Breemer, the core message is clear: “AI demands leadership, collaboration, and responsibility. CIOs don’t need to reinvent the wheel, but they do need to take the first step. Don’t wait—start, learn, and scale. That’s the only way to move from experiment to real value.” 

Data sovereignty, AI and the changing role of the CIO

CIOs are the driving force behind digital transformation, especially now that artificial intelligence, data sovereignty, and cybersecurity are increasingly prominent on boardroom agendas. Dutch IT Channel spoke with Emily Glastra, Managing Director of T-Systems Netherlands, about the key trends she sees in the market, the changing expectations of CIOs, and the role T-Systems plays in this landscape.

According to Emily Glastra, the biggest shift in recent years has been the way IT and business have become more closely intertwined. Where technology was long seen as supportive or instrumental, it now firmly sits on the executive agenda.

“The issues CIOs bring forward are no longer purely technological. More and more, it is about linking business objectives with technological possibilities. I find it inspiring to see that technology has truly become a board-level issue. Whether it concerns AI, cybersecurity, or compliance with regulations, the conversation is fundamentally about its contribution to business outcomes.”

Glastra emphasizes that this is a fundamental change compared to a few years ago. “Eight years ago, it was very different. At that time, IT was still often placed in

‘The sovereignty issue is relevant for commercial clients, but in a different context than for the public sector.’

the corner as a cost center or mandatory utility. Now we see CIOs increasingly taking on the role of connector and enabler.”

Regulation as a catalyst

Regulation, particularly European frameworks such as the AI Act and the growing requirements around data and privacy, has proven to be an important catalyst.

“Cybersecurity was always high on the CIO’s agenda, but due to geopolitical developments and stricter rules, it has become an even bigger theme. The same applies to data sovereignty: organizations are

thinking much more carefully about where their data resides, which parties are involved, and what risks that entails.”

Data sovereignty

For T-Systems, part of Deutsche Telekom, data sovereignty plays a special role. Because the company is European and has developed several sovereign cloud solutions, Glastra notes that organizations in the Netherlands often approach T-Systems with questions about alternatives to large U.S. hyperscalers.

“The sovereignty issue is relevant for commercial clients, but in a different context than for the public sector. For governments, it is often about citizen data and the question of whether it should remain within national borders. In the commercial sector, it is more about reconsidering and intentionally reaffirming the chosen strategy. Even if nothing changes, such reaffirmation helps ensure conscious choices in a rapidly shifting geopolitical landscape.”

She sees that organizations are searching for clarity.

“Everyone talks about sovereignty, but what does it actually mean in practice? When you peel back the layers, you end up with several dimensions: data, infrastructure, hardware. And on some of those layers, we simply don’t yet have European alternatives. That makes the discussion both complex and urgent.”

AI

The major theme today is artificial intelligence. Despite the enormous attention, Glastra still sees mainly experiments and pilot projects in practice.

“There are certainly commercial organizations that are ahead of the curve, but in many conversations I hear that AI is still mainly being used in the form of copilots or assistants. True disruption—where entire processes are fully automated and secured with AI

agents—is not yet widespread. Banks and insurers are a bit further along, but for many other sectors it’s still a search for the right applications and governance.”

She does expect this to change quickly. “The technology is developing at lightning speed. But success will depend on how organizations manage to embed AI into governance, compliance, and business models.”

The CIO

In this environment, the role of the CIO takes on a new dimension. According to Glastra, it is no longer sufficient to be mainly technically skilled.

“A good CIO combines technological expertise with business skills. More importantly, he or she is a connector who speaks the language of the business and can translate it into technological solutions. Then you are not just managing workplaces and helpdesks, but you are a full-fledged discussion partner who helps move the organization forward.”

As a result, the role of the CIO is evolving into that of a digital officer who is firmly part of the strategic leadership. Especially when security, compliance, and privacy also fall under their remit, it becomes a function that belongs right alongside the CEO.

From strategy to practice

“A few years ago, we started co-labs: collaborations with groups of customers in which we scrutinize their IT strategy and operating model. The beauty is that these often uncover not only technological improvements but also organizational and cultural issues. It’s about leadership, about how you bring your people along, and about whether you still view IT as a cost center or as a strategic investment.”

T-Systems also challenges customers to think in terms of ecosystems. “Many organizations are hesitant to bring suppliers or even competitors together at the table. Yet the most successful projects often turn out to be those in which multiple parties collaborate and create transparency—for example, in the supply chain. The case of Heineken, which involves all suppliers jointly in its strategy, shows how powerful this can be.”

Concrete solutions

In addition to strategic guidance, T-Systems also de -

Emily Glastra

livers concrete solutions. Governance, security, and zero trust architectures are central here.

“These may not be the sexiest topics, but they are essential. If you want to deploy AI, your governance and management must be properly structured. We help customers bring structure to processes, privacy, security, and compliance. Only then can you responsibly integrate AI into your business.”

“We are currently building a European AI factory with 10,000 NVIDIA GPUs, ready in early 2026. This will provide a foundation for industrial AI innovation within a European sovereign framework. It fits our strategy of both helping customers with practical governance and zero trust, and contributing to a broader European digital infrastructure.”

Conscious choices

Glastra expects the coming years to be defined by making conscious choices. “Many organizations rolled out cloud strategies in recent years without always considering the geopolitical implications. Now the question is whether those strategies still fit the current context. The answer does not have to be that everything must change—but it does mean that choices must be made intentionally and reaffirmed.”

That also applies to AI. “The question is not whether you should start working with it, but how and with what safeguards. Governance, compliance, and sovereignty are crucial.” 

From prevention to resilience

The digital threats organizations face are evolving rapidly. Guido Grillenmeier,

Principal Technologist EMEA at Semperis, observes a clear shift in the market:

on prevention to a

broader

approach

in which cyber resilience takes

from a one-sided focus

center

stage. “You cannot prevent everything. The reality is that sooner or later you will be hit. The real question is: how well are you prepared to respond?”

The numbers speak for themselves. According to various studies, including recent publications by Schwarz Digits in Germany and Cybersecurity Ventures, the global cost of cybercrime will rise to more than $10.5 trillion in 2025. Fifteen years ago, the damage still seemed manageable, but since then the curve has risen explosively. Ransomware attacks, data breaches, and identity abuse now cause not only direct financial losses but also longterm harm to reputation, continuity, and customer trust.

Grillenmeier stresses this does not mean prevention has become less important. Firewalls, endpoint protection, and zero trust principles remain necessary parts of any security strategy. “But software is built by people and therefore never flawless. Zero-days and vulnerabilities will always exist. That calls for a mindset shift: accept that an attack can succeed and ensure your organization can continue to function in crisis mode.”

Identity as the weakest link

The greatest vulnerability, according to Grillenmeier, lies in the identity layer. While organizations invested heavily in perimeter defenses, the reality is that attackers often do not “break in” but log in. Stolen credentials, tokens, or cookies are used to gain access to critical systems.

“Active Directory, introduced in 2000, still forms the backbone of identity management in many organizations. It

is powerful but complex, and therefore hard to fully secure,” explains Grillenmeier. “Many attackers still target this foundation. With freely available tools, even a non-expert can escalate privileges and take over an entire domain.” The challenge has grown with hybrid environments. Nearly all organizations now synchronize their on-premises Active Directory with cloud platforms such as Microsoft Entra ID. This means an attack that begins with phishing or malware on an endpoint can rapidly move into the cloud. Groups like Storm-0501 now use this route systematically: first breaching the legacy

stolen credentials from an external contractor were enough to shut down operations. “That shows that identity security is not just an IT issue but a strategic challenge that affects the entire organization,” says Grillenmeier.

Shifting from prevention to resilience

The core of the shift described by Grillenmeier is moving from prevention to resilience. It is no longer only about keeping attackers out, but about being prepared for the moment they do get in. A key concept here is the Minimum

‘During a crisis, you do not fall back on improvisation, but on the extent to which you have prepared’

environment, then obtaining cloud privileges, and embedding themselves persistently there.

Ransomware-as-a-Service

The criminal ecosystem is professionalizing at high speed. Where technical expertise was once required, Ransomware-as-a-Service (RaaS) groups now offer ready-to-use attack packages. Initial access brokers sell entry to vulnerable systems on the black market, often for a fraction of the potential damage inflicted.

One notorious example remains the Colonial Pipeline attack, where

Viable Company (MVC). This means an organization defines in advance which processes, applications, and infrastructure are absolutely essential to keep running in a crisis. These could be order and shipping systems in manufacturing or patient records in healthcare.

“During a crisis, you do not fall back on improvisation, but on the extent to which you have prepared,” says Grillenmeier. “Who has which role, which applications need to come online first, and how communication is organized—all of that must be defined and rehearsed beforehand.”

Exercises and testing

Many organizations have recovery plans, but they often remain on paper. Without regular exercises, such plans lose their value. Tabletop exercises, where a crisis scenario is simulated without halting production, are essential, according to Grillenmeier.

“A plan that has never been tested is a paper tiger. Only during exercises do you uncover overlooked dependencies. You may discover that a critical application relies on another system, or that contact details are outdated. By practicing regularly, an organization’s resilience grows.”

AI as weapon and shield

AI is another major trend. Since the

release of ChatGPT in late 2022, AI has accelerated rapidly. For defenders, AI offers opportunities to detect patterns in massive volumes of log data and flag anomalies faster.

But cybercriminals are also leveraging AI. Phishing emails are now error-free and highly convincing. Deepfakes and real-time voice imitation make social engineering more dangerous than ever. And while mainstream AI models refuse to generate malware, modified dark-web variants exist that do so without restriction.

“Attackers don’t care about compliance or ethics,” says Grillenmeier. “That makes AI a powerful tool for them. For defenders, it means using AI to analyze the flood of signals, while also manag-

ing the rise of false positives that put SOC teams under pressure.”

Strategic dialogue

Cyber resilience is not merely a technical issue. It affects the core of business strategy and must therefore be part of board-level discussions. According to Grillenmeier, top-down initiatives are essential. “An effective crisis management plan requires sponsorship from the boardroom. It’s not only about technology but also about processes, communication, and governance.”

Implementing resilience measures means making clear agreements about where critical data is stored, how keys and backups are secured, and what alternative communication channels are available if primary systems are compromised. Incidents have shown that even Teams or Zoom conference calls can be intercepted by attackers. Out-of-band communication channels are therefore crucial.

Security professionals are increasingly becoming change agents in their organizations. They must not only implement technology but also drive cultural and mindset changes: away from the illusion of total prevention toward a realistic focus on resilience.

“Cyber resilience should be a KPI organizations are measured against,” Grillenmeier concludes. “Not whether you are attacked, but how well you respond ultimately determines whether your organization survives. Prevention remains necessary, but without resilience you are still vulnerable.” 

‘CIOs want a future-proof Microsoft strategy’

It is a turbulent time for CIOs. Market shifts, consolidation, geopolitical pressure, and the rapid rise of AI mean that digital transformation is no longer optional—it is a necessity. Dutch IT Channel spoke with Hamid Ashouri, Country Manager Benelux at Nerdio, about the challenges CIOs face today, and how Nerdio, together with Microsoft and its partner network, helps organizations become future-proof.

Across all sectors, Ashouri sees major changes: “The past three to five years have brought enormous shifts. Traditional vendors have been acquired or attracted new investors. At the same time, Microsoft has shifted its areas of focus, especially around the workplace.”

“For CIOs, this means that several familiar components in their workplace environment are reaching end-of-life. That creates urgency to develop new strategies and define a vision for the coming years.”

That vision extends beyond technology alone. “It’s also about the end user: how can we continue to serve them optimally in the future? That is a major challenge for CIOs.”

Talent shortage

A second structural challenge is the shortage of skills and people. “Even service providers, for whom IT is core business, struggle to attract and retain the right talent. Organizations can deploy specialists only

‘We invest heavily in partners, consultants, and independents, enabling them to get the most out of Microsoft with our solutions’

once, and demand for expertise keeps growing. This is a universal issue on every CIO’s agenda.”

Another complication, Ashouri notes, is the complexity of Microsoft platforms. “Microsoft provides powerful solutions, but they contain a wealth of functionality and are often fragmented. For CIOs, it is a challenge to implement these effectively and then manage them well.”

A simplifying layer

Where Microsoft provides the platforms, Nerdio positions itself as the layer that simplifies complexity. “We help customers get from A to B. We enrich the management, implementation, and evolution of the digital workplace. Our solutions embed the expertise that is so hard to find in the market. CIOs receive from us a toolbox with building blocks they can use to realize their specific use cases and objectives.”

An important element is handover to the operations team. “After a project, the transition must run smoothly. We support our customers there as well. We ensure CIOs maximize the value of their Microsoft investments, both technologically and organizationally. It’s not only about cost, but about value creation and return on investment.”

Partners

Nerdio works closely with Microsoft, which regards the company as an extension of its products. In addition, the partner ecosystem plays a crucial role. “We invest heavily in partners, consultants, and independents, enabling them to get the most out of Microsoft with our solutions. Often, customers see the value of migration and management but don’t know how to approach it. We fill exactly that gap. The result is a triangle: Microsoft, the partners, and Nerdio, together offering a future-proof solution.”

AI has become a must-have. “We integrate AI into our solutions to speed up processes and better support CIOs. Think frameworks and dashboards that enable CIOs to make data-driven decisions. This helps them optimize costs, accelerate innovation, and make their IT organizations more agile. The challenge is not the will, but the how: how do you implement AI responsibly, with proper governance?”

According to Ashouri, Nerdio helps CIOs link tech -

nological innovation to business KPIs. “We translate technical performance into measurable results at board level: growth, operational efficiency, customer satisfaction, and risk management.”

Start small

One common pitfall, Ashouri says, is that organizations start too big. “We advise CIOs to start small, with two or three use cases that have the highest impact. That creates buy-in and delivers visible results quickly. From there, you can scale more broadly. It’s important to make strategic choices and build adoption step by step.”

Nerdio sees best practices across a range of sectors, from government and financial institutions to system integrators. “Everywhere, the principle applies that it’s not just about technology—you must also address processes and people. Only when that triangle aligns can you make real impact.”

Roadmap and future

Because Nerdio is fully focused on Microsoft, the company closely follows the platform’s developments. “Microsoft is investing more and more in SaaS and PaaS, with solutions like Intune, 365, and Copilot. Recently, we expanded our products with support for Intune, Remote Support, and W365. Our role is to help customers leverage these new capabilities as effectively as possible.”

Ease of migration is a major priority. “We ensure customers can move to W365 with just a few clicks, or step away from old VDI solutions and migrate with Nerdio to AVD or hybrid environments. In doing so, we support Microsoft’s strategy and make adoption easier.”

Scalability is also critical. “Organizations face peak moments—think exam periods in education—when extra cloud capacity is suddenly required. We help customers scale up and down flexibly, so they only pay for what they use and avoid overloading their existing teams.”

Governance

Ashouri emphasizes that Nerdio also responds to the European context. “Microsoft is investing more heavily in the European market due to geopolitical developments. Organizations must not only benefit from the cloud but also ensure that data, processes, and people are managed responsibly. Governance and compliance are crucial themes, especially in sectors such as government and finance.”

“We provide CIOs with the tools to turn strategy into execution, link technology to business goals, and accelerate innovation. That means not only technology, but also change management, governance, and creating organizational buy-in. Only then can CIOs direct the transformation that has become so necessary.” 

FROM BACKUP TO AI:

How Rubrik helps CIOs become agents of change

What is the role of the CIO in 2025? How can data not only be stored securely but also actively leveraged to accelerate business processes, drive innovation, and enable responsible AI adoption? Ahead of Gartner IT Symposium/Xpo in Barcelona, Filip Verloy, Field CTO EMEA & APJ at Rubrik, explains how the company has evolved from a backup and recovery specialist to a strategic partner in AI readiness, governance, and secure innovation.

We get very diverse questions from the market,”

Verloy notes. “Financial institutions ask about regulatory requirements such as DORA or NIS2. Others want to know how to deploy AI securely inside their organizations. And many CIOs come to us with questions about modernizing their infrastructure to better support the business. Even though you might not expect those questions to be directed at a data management company, organizations often return to us because of the projects we’ve already done with them.”

From backup to cloud data management

Rubrik began as a solution for backup and recovery. “Backup isn’t usually seen as the most exciting part of IT infrastructure,” Verloy admits. “But over the years we’ve evolved into a cloud data management platform. Since 2014 we’ve helped customers migrate from on-premises environments to cloud, multicloud, and SaaS. And it’s not just about IT—it’s about business transformation. How do you leave legacy systems behind in a safe, cost-efficient way?”

The ability to make data more mobile has made Rubrik a key accelerator toward cloud and SaaS. Today, ques -

tions increasingly center on the safe deployment of generative AI tools such as Microsoft Copilot. “How do you build your own AI tools securely, with your own data? That’s exactly where we are involved right now.”

CIOs as strategic leaders in the AI era

The Symposium theme “Agents of Change” resonates strongly with Rubrik’s evolution. “The changing role of the CIO mirrors our own trajectory,” Verloy says. “Where we once provided a tactical solution for backup and recovery, today we act as a strategic sparring partner. We help CIOs with cost optimization to free resources for transformational projects, and with the migration from legacy to modern systems.”

AI makes the CIO profile even more critical. “Some organizations have AI governance boards or innovation teams, but ultimately it often falls to the CIO to deliver the infrastructure that enables all those initiatives. The question is: how do you solve that? Our technology shows CIOs what data they have, which data is suitable for AI, and which is not.”

Data quality and governance are central. “AI only works with data. That’s where our Data Security Posture Management (DSPM) comes in. Using

generic AI tools often means working with data unrelated to your intellectual property. The way to make them relevant is to train them on your own data.”

Rubrik has developed targeted solutions for this. With Annapurna, backup data can be made securely and selectively available for AI tools. Through the acquisition of Predibase, Rubrik helps customers fine-tune language models for their business context. The company also introduced Agent Rewind, powered by Predibase AI Infrastructure, which makes AI agents’ actions fully traceable and reversible. “Agent Rewind allows organizations to undo mistakes made by AI agents, provides visibility into their actions, and makes it possible to roll back changes in applications and data,” Verloy explains.

‘AI only works with data. That’s where our Data Security Posture Management (DSPM) comes in.’

Making AI accessible

Security is non-negotiable. “Our focus is on ensuring sensitive data never reaches AI models in the first place— because if it never gets there, you can’t have a data leak.”

Rubrik also emphasizes simplicity. “In

2014 we said: if you can use an app on your phone, you can use Rubrik. We apply the same principle to AI,” Verloy says. Integrating AI is inherently complex—bringing data together, filtering sensitive information, managing access, and transforming it for use in models. “That would normally require an entire data or ML engineering team. With Annapurna, you can simply specify that you want to build a chatbot from your backup data, without complex configuration.”

That simplicity doesn’t come at the expense of power. “We invest heavily in our own innovation, like Annapurna, but we also acquire specific expertise where needed.” As an example, Verloy points to U.S. background-check company Checkr. “They were struggling with false positives when automating complex rules with AI. Together with Predibase, they built their own LLM to handle that complexity.”

Ecosystem and partnerships

Filip Verloy

The ecosystem around Rubrik is evolving quickly. “We work across data, infrastructure modernization, security, and AI. Security is always a layered process—tools for prevention, response, data, network, and identity. You need all those signals to come together.”

Rubrik’s API-first architecture reflects that approach. “We know we’re part of a bigger picture. That’s why we offer as complete a platform as possible and integrate the best available tooling,” says Verloy. Implementation always runs through partners: “We are a fully channel-driven organization. Customers work with us via partners who have the right expertise to integrate everything properly.”

Strategic insights

Finally, Verloy underscores Rubrik’s investment in research and thought leadership through initiatives such as Rubrik Zero Labs. “Together with partners like Microsoft and Palo Alto we publish reports that translate technical insights into strategic language.” These resources help CIOs hold board-level conversations.

“One example was an article by Stephen Schmidt, CSO of Amazon, about the six questions every board should ask their CISO or CIO. It shows how important it is for technical and business leaders to speak the same language.”

For Verloy, the conclusion is clear: “Data is the bridge between business and IT. By knowing what data you have, how it is being used, and how to manage it securely, CIOs can truly act as agents of change.” 

Data, AI, and governance position CIOs as agents of change

CIOs are increasingly recognized as the driving force behind digital transformation and innovation in their organizations. Danny van der Wal, Regional Sales Director Benelux at Qlik, outlines how CIOs are dealing in practice with the explosive growth of data, the promise of Artificial Intelligence, and the pressing need for data governance and sovereignty.

The biggest challenge across industries, Van der Wal observes, is the massive increase in data. Companies are seeing their information landscapes expand faster than ever, raising the question of how to use all that data efficiently, securely, and intelligently. Artificial Intelligence plays a central role in that equation.

“CIOs know that AI offers enormous potential, but they also see many projects fail to launch or collapse along the way,” says Van der Wal. “The key question is: how do you ensure AI actually adds value? The answer usually lies in the basics—data governance and data quality.”

The foundation of AI

That foundation matters more than ever. Where organizations in the past could get away with inconsistent definitions or weak data hygiene, today’s errors are instantly exposed in AI applications. “AI models are only as good as the data they run on. If data quality is insufficient, the results suffer immediately. That’s why governance is no longer a side issue but a prerequisite,” Van der Wal stresses.

Sovereignty and trust

Alongside data quality, sovereignty has become a pressing theme in the Benelux. With geopolitical tensions rising and Europe pushing for digital autonomy, the need to manage data

within national or regional borders is growing.

“In the public and semi-public sectors especially, sovereignty is a hot topic,” Van der Wal explains. “Organizations want to maintain control over their information, particularly when it involves sensitive citizen or government data. CIOs increasingly ask how to safeguard autonomy without holding back innovation.”

Shifting responsibilities

This reflects a broader change in the CIO’s remit. “Fifteen years ago, the CIO was mostly responsible for IT infrastructure. Now the expectation is that technology actively drives business outcomes. CIOs must propose

explaining the past. Now the emphasis is shifting toward predicting the future. Qlik responds with products like Qlik Answers and Qlik Predict.

“With dashboards, organizations used to ask: what happened? The next step is: what will happen and why? With Qlik Predict, CIOs can run simulations. For example, what happens if you reduce a product price by five percent in a particular market? What is the likely effect on revenue? That predictive power helps CIOs make faster, better-informed decisions.”

Data quality and definitions

The importance of data quality is not new, but the urgency is greater than ever. “Twenty years ago, we were

‘That predictive power helps CIOs make faster, better-informed decisions’

solutions that are not just technically sound but also directly tied to strategic goals.”

Qlik often acts as a bridge in this process. “Our solutions sit at the intersection of IT and business. We don’t just talk to technical teams—we talk to business leaders as well. Data and AI impact the entire organization, and only when all stakeholders are aligned can projects succeed.”

From reporting to prediction

Analytics has traditionally focused on

already debating: who owns the data? Business pointed to IT, IT pointed back to business, and quality remained subpar. Now that data feeds everything — from reporting to AI models — poor quality is no longer acceptable.”

A persistent obstacle is the lack of consistent definitions. “What counts as a ‘sale’ can differ by department. For finance, it may mean something different than for sales. Agreeing on metadata and definitions is essential. It takes time, but it’s unavoidable. And quality has to be monitored continu -

ously — it’s not a one-off project.” Not every use case requires perfection, however. “Sometimes 90 or 95 percent accuracy is sufficient. What matters is making conscious decisions about the level of quality needed for each application.”

Small steps, big impact

Van der Wal is realistic about AI adoption: “Most applications are still in their infancy. Chatbots and conversational models are common, but truly advanced use cases remain relatively rare. Successful AI projects are often highly specific.”

He cites a European institution that now uses AI to schedule interpreters

and translators. “Where a team used to spend hours—and mistakes were frequent—an AI agent now completes the process in five minutes, fully automated. That’s a massive efficiency gain, but within a tightly defined use case.”

That’s why Qlik advises starting small. “Launch a pilot, let end users get accustomed, and build from there. AI doesn’t have to replace entire applications immediately—it often works best as an addition to existing systems. That way, you create buy-in and early wins.”

The

partner

ecosystem

Partnership is central to Qlik’s approach. “In the Benelux we serve

around 5,500 customers, and 90 to 95 percent of them are supported through partners,” Van der Wal notes. “These partners bring deep expertise, whether in specific industries or around topics like governance or supply chain. They add value we couldn’t deliver at the same breadth ourselves.”

This makes the ecosystem indispensable. “From small, highly specialized firms to large integrators, partners help ensure our solutions are implemented successfully. For end customers, that means they get not just technology but also domain knowledge and practical support.”

Integrated platforms

Looking at the broader market, Van der Wal sees a clear shift away from scattered point solutions toward integrated platforms. “In recent years, many organizations chose separate tools for each problem: one vendor for data integration, another for analytics, another for governance. But that makes compliance and governance harder to manage. Now we see organizations returning to integrated platforms, which are simpler and more consistent to operate.”

He expects AI models themselves to become more sophisticated. “Today’s applications are still quite linear. The next stage is models with reasoning capabilities — able not only to generate answers, but to weigh options, combine inputs, and build projections.” At the same time, usage will expand across the workforce. “Where once only BI teams built reports, now end users can ask questions in plain language and receive immediate answers. That democratization of data and AI will fundamentally change how organizations operate.” 

Tessell provides the key to a successful cloud transition with databases

For years, the cloud transition has been high on the CIO’s agenda. Yet not all parts of the IT infrastructure are equally easy to move. Databases in particular often prove to be a bottleneck. This is precisely the area where Tessell positions itself as an Agent of Change. Dutch IT Channel spoke with Hylke Visser, Regional Sales Manager Benelux at Tessell, about the need for multidatabase and multicloud strategies, and the growing role of AI in data management.

According to Visser, the challenge is clear for many organizations: everyone wants to move to the cloud, but the reality is more complex than often assumed.

“Companies have been using databases for decades, each in their own way. As soon as you want to move them to the cloud, you face three obstacles: the enormous diversity of databases, the multitude of cloud platforms, and the risk of lock-in. Our vision at Tessell is to provide a multi-database, multicloud solution with a uniform interface (API). We ensure that the way a customer works with a database today is also available in the cloud. Flexibility and performance are central, without lockin and at lower cost.”

For many organizations, cost control is crucial. Cloud migrations often start with a promise of efficiency but turn out to be more expensive than expected. “We reduce costs on three levels,” Visser says. “Management, infrastructure, and licenses. Through automation and more efficient use of resources, we can achieve significant savings.”

Sovereignty

Tessell’s roots lie with Oracle. More than ten years ago, the founders were tasked by Larry Ellison with bringing the Oracle database to the Oracle Cloud. The conviction soon arose that databases needed to be available

across multiple clouds. In the years that followed, it became clear that organizations were increasingly pursuing multicloud strategies, while the market offered no solution that supported both multi-database and multicloud. Another issue has also become more urgent: data sovereignty. “Clingendael recently made the valid point that it’s fine to work with hyperscalers, but you always need a plan B. What if something goes wrong? At Tessell, we ensure that you can move into the cloud easily, but also just as easily move out again. Backups can also be stored outside the cloud, so organizations can always rebuild their databases.”

Freedom

Tessell supports standard databases such as Oracle, SQL Server, MySQL, and PostgreSQL. These can run across different clouds, migrate from Cloud A to Cloud B, or even back to an on-premises server. This prevents lock-in with a single provider. “Freedom is what customers ask for,” Visser emphasizes. “They want to work with hyperscalers, but always retain an exit strategy.”

The name Tessell refers to the principle of tessellation: optimally fitting

different shapes and sizes into a surface. Visser explains: “That’s how we work with databases. We ensure that different types of databases can run efficiently on a single server. That results in energy savings, lower infrastructure costs, and reduced license expenses. It’s about consolidating and using resources as efficiently as possible.”

Ecosystem

Success in the cloud requires collaboration. Tessell works closely with hyperscalers such as Microsoft Azure, AWS, and Google Cloud, as well as with technology partners such as NetApp. “Many Oracle databases today already use NetApp. We ensure that integration is also available in the cloud.” Collaboration with system integrators also plays an important role. Tessell works with companies such as Sopra Steria, Accenture, and DXC. “They are already embedded with our customers and guide the transitions. Together, we ensure that sizing, landing zones, and governance are properly managed.”

AI

AI is taking on an increasingly important role in database management.

‘It’s no longer enough to just keep data safe in the cloud. The question is how you use that data intelligently for business value.’

“We see that database administrators are becoming scarcer. Many have been active for decades, doing work that is almost comparable to the mainframe era. That’s why we are strongly focused on automation. Tasks that used to require a level 3 DBA can now be performed by level 1 staff. We call that shift left.”

The next step is conversational data management. “Just as we are now accustomed to interacting with ChatGPT, we can also interact with databases. Why is this query performing poorly? Make a backup before I upgrade. This can be done without anyone having to write code.”

To support this, Tessell has developed its own multi-context protocol server. With experience gained from thousands of databases, the platform can analyze database behavior and train models. “This allows us to offer a uniform interface and manage databases through natural language. It reduces the dependency on specialized technicians and makes database operations more accessible to business users.”

Cost savings and innovation

The benefits for customers are tangible. Through patented technology, Tessell can run databases on fast disks at low cloud cost, without compromising performance. In addition, automation of database management reduces DBA workloads by 40 to 50 percent.

“More importantly,” Visser adds, “DBAs no longer focus solely on management. They gain the space to work on database engineering and innovations such as generative AI applications. We say: optimize in order to innovate.”

For example, at a major Norwegian energy company, Tessell set up a migration factory to move 700 Oracle databases to Azure in a short period of time. “The result was improved per-

formance, simpler management, and significantly enhanced ease of use. In addition, processes such as database cloning are now fully automated. What once took weeks can now be completed in an hour.”

Roadmap

In the recent Gartner report Cool Vendors in Data Management: The ‘Modern Data Stack’ Grows Up, Tessell is named as one of the five vendors shaping the transition to a new generation of data solutions. A key element is the patented technology that enables cost savings and performance improvements.

At Gartner IT Symposium/Xpo in Barcelona, Tessell will focus on conversational data management and further integration of data ecosystems. “It’s not just about OLTP databases, but also about the connection with data warehouses and analytics. At Microsoft Fabric in Vienna, we announced integrations that further strengthen this bridge.”

According to Visser, this is a logical step. “It’s no longer enough to just keep data safe in the cloud. The question is how you use that data intelligently for business value. Integration between operational databases and analytical environments plays a key role here.”

Ambitions

Visser sees major opportunities in the Netherlands. “Many organizations want to move to the cloud, but still find databases complex. Migrating applications is relatively straightforward, but databases require attention to data integrity, sovereignty, and governance. Our platform provides that governance while safeguarding sovereignty. In this way, we support Dutch companies in their digital transformation.” 