This was the year of AI agents. Chatbots that simply answered questions are now evolving into autonomous agents that can carry out tasks on a user’s behalf, so enterprises continue to invest in agentic platforms as transformation evolves. Software vendors are investing in it as fast as they can, too.

According to a National Research Group survey of more than 3,000 senior leaders, more than half of executives say their organization is already using AI agents. Of the companies that spend no less than half their AI budget on AI agents, 88% say they’re already seeing ROI on at least one use case, with top areas being customer service and experience, marketing, cybersecurity, and software development.

On the software provider side, Gartner predicts 40% of enterprise software applications in 2026 will include agentic AI, up from less than 5% today. And agentic AI could drive approximately 30% of enterprise application software revenue by 2035, surpassing $450 billion, up from 2% in 2025. In fact, business users might not have to interact directly with the business applications at all since AI agent ecosystems will carry out user instructions across multiple applications and business functions. At that point, a third of user experiences will shift from native applications to agentic front ends, Gartner predicts.

It’s already starting. Most enterprise applications will have embedded assistants, a precursor to agentic AI, by the end of this year, adds Gartner.

IDC has similar predictions. By 2028, 45% of IT product and service interactions will use agents as the primary interface, the firm says. That’ll change not just how companies work, but how CIOs work as well.

Agents as employees

At financial services provider OneDigital, chief product officer Vinay Gidwaney is already working with AI agents, almost as if they were people.

“We decided to call them AI coworkers, and we set up an AI staffing team co-owned between my technology team and our chief people officer and her HR team,” he says. “That team is responsible for hiring AI coworkers and bringing them into the organization.” You heard that right: “hiring.”

The first step is to sit down with the business leader and write a job description, which is fed to the AI agent, and then it becomes known as an intern.

“We have a lot of interns we’re testing at the company,” says Gidwaney. “If they pass, they get promoted to apprentices and we give them our best practices, guardrails, a personality, and human supervisors responsible for training them, auditing what they do, and writing improvement plans.”

The next promotion is to a full-time coworker, and it becomes available to be used by anyone at the company.

“Anyone at our company can go on the corporate intranet, read the skill sets, and get ice breakers if they don’t know how to start,” he says. “You can pick a coworker off the shelf and start chatting with them.”

For example, there’s Ben, a benefits expert who’s trained on everything having to do with employee benefits.

“We have our employee benefits consultants sitting with clients every day,” Gidwaney says. “Ben will take all the information and help the consultants strategize how to lower costs, and how to negotiate with carriers. He’s the consultants’ thought partner.”

There are similar AI coworkers working on retirement planning, and on property and casualty as well. These were built in-house because they’re core to the company’s business. But there are also external AI agents who can provide additional functionality in specialized yet less core areas, like legal or marketing content creation. In software development, OneDigital uses third-party AI agents as coding assistants.

When choosing whether to sign up for these agents, Gidwaney says he doesn’t think of it the way he thinks about licensing software, but more to hiring a human consultant or contractor. For example, will the agent be a good cultural fit?

But in some cases, it’s worse than hiring humans since a bad human hire who turns out to be toxic will only interact with a small number of other employees. But an AI agent might interact with thousands of them.

“You have to apply the same level of scrutiny as how you hire real humans,” he says.

A vendor who looks like a technology company might also, in effect, be a staffing firm. “They look and feel like humans, and you have to treat them like that,” he adds.

Another way that AI agents are similar to human consultants is when they leave the company, they take their expertise with them, including what they gained along the way. Data can be downloaded, Gidwaney says, but not necessarily the fine-tuning or other improvements the agent received. Realistically, there might not be any practical way to extract that from a third-party agent, and that could lead to AI vendor lock-in.

Edward Tull, VP of technology and operations at JBGoodwin Realtors, says he, too, sees AI agents as something akin to people. “I see it more as a teammate,” he says. “As we implement more across departments, I can see these teammates talking to each other. It becomes almost like a person.”

Today, JBGoodwin uses two main platforms for its AI agents. Zapier lets the company build its own and HubSpot has its own AaaS, and they’re already pre-built. “There are lead enrichment agents and workflow agents,” says Tull.

And the company is open to using more. “In accounting, if someone builds an agent to work with this particular type of accounting software, we might hire that agent,” he says. “Or a marketing coordinator that we could hire that’s built and ready to go and connected to systems we already use.”

With agents, his job is becoming less about technology and more about management, he adds. “It’s less day-to-day building and more governance, and trying to position the company to be competitive in the world of AI,” he says.

He’s not the only one thinking of AI agents as more akin to human workers than to software.

“With agents, because the technology is evolving so far, it’s almost like you’re hiring employees,” says Sheldon Monteiro, chief product officer at Publicis Sapient. “You have to determine whom to hire, how to train them, make sure all the business units are getting value out of them, and figure when to fire them. It’s a continuous process, and this is very different from the past, where I make a commitment to a platform and stick with it because the solution works for the business.”

This changes how the technology solutions are managed, he adds. What companies will need now is a CHRO, but for agentic employees.

Managing outcomes, not persons

Vituity is one of the largest national, privately-held medical groups, with 600 hospitals, 13,800 employees, and nearly 14 million patients. The company is building its own AI agents, but is also using off-the-shelf ones, as AaaS. And AI agents aren’t people, says CIO Amith Nair. “The agent has no feelings,” he says. “AGI isn’t here yet.”

Instead, it all comes down to outcomes, he says. “If you define an outcome for a task, that’s the outcome you’re holding that agent to.” And that part isn’t different to holding employees accountable to an outcome. “But you don’t need to manage the agent,” he adds. “They’re not people.”

Instead, the agent is orchestrated and you can plug and play them. “It needs to understand our business model and our business context, so you ground the agent to get the job done,” he says.

For mission-critical functions, especially ones related to sensitive healthcare data, Vituity is building its own agents inside a HIPAA-certified LLM environment using the Workato agent development platform and the Microsoft agentic platform.

For other functions, especially ones having to do with public data, Vituity uses off-the-shelf agents, such as ones from Salesforce and Snowflake. The company is also using Claude with GitHub Copilot for coding. Nair can already see that agentic systems will change the way enterprise software works.

“Most of the enterprise applications should get up to speed with MCP, the integration layer for standardization,” he says. “If they don’t get to it, it’s going to become a challenge for them to keep selling their product.”

A company needs to be able to access its own data via an MCP connector, he says. “AI needs data, and if they don’t give you an MCP, you just start moving it all to a data warehouse,” he adds.

Sharp learning curve

In addition to providing a way to store and organize your data, enterprise software vendors also offer logic and functionality, and AI will soon be able to handle that as well.

“All you need is a good workflow engine where you can develop new business processes on the fly, so it can orchestrate with other agents,” Nair says. “I don’t think we’re too far away, but we’re not there yet. Until then, SaaS vendors are still relevant. The question is, can they charge that much money anymore.”

The costs of SaaS will eventually have to come down to the cost of inference, storage, and other infrastructure, but they can’t survive the way they’re charging now he says. So SaaS vendors are building agents to augment or replace their current interfaces. But that approach itself has its limits. Say, for example, instead of using Salesforce’s agent, a company can use its own agents to interact with the Salesforce environment.

“It’s already happening,” Nair adds. “My SOC agent is pulling in all the log files from Salesforce. They’re not providing me anything other than the security layer they need to protect the data that exists there.”

AI agents are set to change the dynamic between enterprises and software vendors in other ways, too. One major difference between software and agents is software is well-defined, operates in a particular way, and changes slowly, says Jinsook Han, chief of strategy, corporate development, and global agentic AI at Genpact.

“But we expect when the agent comes in, it’s going to get smarter every day,” she says. “The world will change dramatically because agents are continuously changing. And the expectations from the enterprises are also being reshaped.”

Another difference is agents can more easily work with data and systems where they are. Take for example a sales agent meeting with customers, says Anand Rao, AI professor at Carnegie Mellon University. Each salesperson has a calendar where all their meetings are scheduled, and they have emails, messages, and meeting recordings. An agent can simply access those emails when needed.

“Why put them all into Salesforce?” Rao asks. “If the idea is to do and monitor the sale, it doesn’t have to go into Salesforce, and the agents can go grab it.”

When Rao was a consultant having a conversation with a client, he’d log it into Salesforce with a note, for instance, saying the client needs a white paper from the partner in charge of quantum.

With an agent taking notes during the meeting, it can immediately identify the action items and follow up to get the white paper.

“Right now we’re blindly automating the existing workflow,” Rao says. “But why do we need to do that? There’ll be a fundamental shift of how we see value chains and systems. We’ll get rid of all the intermediate steps. That’s the biggest worry for the SAPs, Salesforces, and Workdays of the world.”

Another aspect of the agentic economy is instead of a human employee talking to a vendor’s AI agent, a company agent can handle the conversation on the employee’s behalf. And if a company wants to switch vendors, the experience will be seamless for employees, since they never had to deal directly with the vendor anyway.

“I think that’s something that’ll happen,” says Ricardo Baeza-Yates, co-chair of the  US technology policy committee at the Association for Computing Machinery. “And it makes the market more competitive, and makes integrating things much easier.”

In the short term, however, it might make more sense for companies to use the vendors’ agents instead of creating their own.

“I recommend people don’t overbuild because everything is moving,” says Bret Greenstein, CAIO at West Monroe Partners, a management consulting firm. “If you build a highly complicated system, you’re going to be building yourself some tech debt. If an agent exists in your application and it’s localized to the data in that application, use it.”

But over time, an agent that’s independent of the application can be more effective, he says, and there’s a lot of lock-in that goes into applications. “It’s going to be easier every day to build the agent you want without having to buy a giant license. “The effort to get effective agents is dropping rapidly, and the justification for getting expensive agents from your enterprise software vendors is getting less,” he says.

The future of software

According to IDC, pure seat-based pricing will be obsolete by 2028, forcing 70% of vendors to figure out new business models.

With technology evolving as quickly as it is, JBGoodwin Realtors has already started to change its approach to buying tech, says Tull. It used to prefer long-term contracts, for example but that’s not the case anymore “You save more if you go longer, but I’ll ask for an option to re-sign with a cap,” he says.

That doesn’t mean SaaS will die overnight. Companies have made significant investments in their current technology infrastructure, says Patrycja Sobera, SVP of digital workplace solutions at Unisys.

“They’re not scrapping their strategies around cloud and SaaS,” she says. “They’re not saying, ‘Let’s abandon this and go straight to agentic.’ I’m not seeing that at all.”

Ultimately, people are slow to change, and institutions are even slower. Many organizations are still running legacy systems. For example, the FAA has just come out with a bold plan to update its systems by getting rid of floppy disks and upgrading from Windows 95. They expect this to take four years.

But the center of gravity will move toward agents and, as it does, so will funding, innovation, green-field deployments, and the economics of the software industry.

“There are so many organizations and leaders who need to cross the chasm,” says Sobera. “You’re going to have organizations at different levels of maturity, and some will be stuck in SaaS mentality, but feeling more in control while some of our progressive clients will embrace the move. We’re also seeing those clients outperform their peers in revenue, innovation, and satisfaction.”

Tech talent, especially with advanced and specialized skills, remains elusive. Findings from a recent IT global HR trends report by Gi Group show a 47% enterprise average struggles with sourcing and retaining talent. As a consequence, turnover remains high.

Another international study by Cegos highlights that 53% of 200 directors or managers of information systems in Italy alone say the difficulty of attracting and retaining IT talent is something they face daily. Cybersecurity is the most relevant IT problem but a majority, albeit slight, feels confident of tackling it. Conversely, however, only 8% think they’ll be able to solve the IT talent problem. IT team skills development and talent retention are the next biggest issues facing CIOs in Italy, and only 24% and 9%, respectively, think they can successfully address it.

“Talents aren’t rare,” says Cecilia Colasanti, CIO of Istat, the National Institute of Statistics. “They’re there but they’re not valued. That’s why, more often, they prefer to go abroad. For me, talent is the right person in the right place. Managers, including CIOs, must have the ability to recognize talents, make them understand they’ve been identified, and enhance them with the right opportunities.”

The CIO as protagonist of talent management

Colasanti has very clear ideas on how to manage her talents to create a cohesive and motivated group. “The goal I set myself as CIO was to release increasingly high-quality products for statistical users, both internal and external,” she says. “I want to be concrete and close the projects we’ve opened, to ensure the institution continues to improve with the contribution of IT, which is a driver of statistical production. I have the task of improving the IT function, the quality of the products released, the relevance of the management, and the well-being of people.”

Istat’s IT department currently has 195 people, and represents about 10% of the institute’s entire staff. Colasanti’s first step after her CIO appointment in October 2023 was to personally meet with all the resources assigned to management for an interview.

“I’ve been working at Istat since 2001 and almost everyone knows each other,” she says. “I’ve held various roles in the IT department, and in my latest role as CIO, I want to listen to everyone to gather every possible viewpoint. Because how well we know each other, I feel my colleagues have a high expectation of our work together. That’s why I try to establish a frank dialogue and avoid ambiguity. But I make it clear that listening doesn’t mean delegating responsibility. I accept some proposals, reject others, and try to justify choices.”

Another move was to reinstate the two problems, two solutions initiative launched in Istat many years ago. Colasanti asked staff, on a voluntary basis, to identify two problems and propose two solutions. She then processed the material and shared the results in face-to-face meetings, commenting on the proposals, and evaluating those to be followed up.

“I’ve been very vocal about this initiative,” she says, “But I also believe it’s been an effective way to cement the relationship of trust with my colleagues.”

Some of the inquiries related to career opportunities and technical issues, but the most frequent pain points that emerged were internal communication and staff shortages. Colasanti spoke with everyone, clarifying which points she could or couldn’t act on. Career paths and hiring in the public sector, for example, follow precise procedures where little could be influenced.

“I tried to address all the issues from a proactive perspective,” she says. “Where I perceived a generic resistance to change rather than a specific problem, I tried to focus on intrinsic motivation and people’s commitment. It’s important to explain the strategies of the institution and the role of each person to achieve objectives. After all, people need and have the right to know the context in which they operate, and be aware of how their work affects the bigger picture.”

Engagement must be built day by day, so Colasanti regularly meets with staff including heads of department and service managers.

Small enterprise, big concerns

The case of Istat stands out for the size of its IT department, but in SMEs, IT functions can be just a handful of people, including the CIO, and much of the work is done by external consultants and suppliers. It’s a structure that has to be worked with, dividing themselves between coordinating various resources across different projects, and the actual IT work. Outsourcing to the cloud is an additional support but CIOs would generally like to have more in-house expertise rather than depend on partners to control supplier products.

“Attracting and retaining talent is a problem, so things are outsourced,” says the CIO of a small healthcare company with an IT team of three. “You offload the responsibility and free up internal resources at the risk of losing know-how in the company. But at the moment, we have no other choice. We can’t offer the salaries of a large private group, and IT talent changes jobs every two years, so keeping people motivated is difficult. We hire a candidate, go through the training, and see them grow only to see them leave. But our sector is highly specialized and the necessary skills are rare.”

The sirens of the market are tempting for those with the skills to command premium positioning, and the private sector is able to attract talent more easily than public due to its hiring flexibility and career paths.

“The public sector offers the opportunity to research, explore and deepen issues that private companies often don’t invest in because they don’t see the profit,” says Colasanti. “The public has the good of the community as its mission and can afford long-term investments.”

Training builds resource retention

To meet demand, CIOs are prioritizing hiring new IT profiles and training their teams, according to the Cegos international barometer. Offering reskilling and upskilling are effective ways to overcome the pitfalls of talent acquisition and retention.

“The market is competitive, so retaining talent requires barriers to exit,” says Emanuela Pignataro, head of business transformation and execution at Cegos Italia. “If an employer creates a stimulating and rewarding environment with sufficient benefits, people are less likely to seek other opportunities or get caught up in the competition. Many feel they’re burdened with too many tasks they can’t cope with on their own, and these are people with the most valuable skills, but who often work without much support. So if the company spends on training or onboarding new people who support these people, they create reassurance, which generates loyalty.”

In fact, Colasanti is a staunch supporter of life-long learning, and the experience that brings balance and management skills. But she doesn’t have a large budget for IT training, yet solutions in response to certain requests are within reach.

“In these cases, I want serious commitment,” she says. “The institution invests and the course must give a result. A higher budget would be useful, of course, especially for an ever-evolving subject like cybersecurity.”

The need for leadership

CIOs also recognize the importance of following people closely, empowering them, and giving them a precise and relevant role that enhances motivation. It’s also essential to collaborate with the HR function to develop tools for welfare and well-being.

According to the Gi Group study, the factors that IT candidates in Italy consider a priority when choosing an employer are, in descending order, salary, a hybrid job offer, work-life balance, the possibility of covering roles that don’t involve high stress levels, and opportunities for career advancement and professional growth.

But there’s another aspect that helps solve the age-old issue of talent management. CIOs need to recognize more of the role of their leadership. At the moment, Italian IT directors place it at the bottom of their key qualities. In the Cegos study, technical expertise, strategic vision, and ability to innovate come first, while leadership came a distant second. But the leadership of the CIO is a founding basis, even when there’s disagreement with choices.

“I believe in physical presence in the workplace,” says Colasanti. “Istat has a long tradition of applying teleworking and implementing smart working, which everyone can access if they wish. Personally, I prefer to be in the office, but I respect the need to reconcile private life and work, and I have no objection to agile working. I’m on site every day, though. My colleagues know I’m here.”

이기열 지사장은 한국 내 킨드릴의 전략적 비전을 수립하고 실행하는 핵심 리더십 역할을 맡아, IT 인프라 및 디지털 전환 분야에서 혁신과 운영 우수성을 강화하도록 킨드릴을 이끌 예정이다. 또한, 통신·금융 등 주요 산업 분야에서의 시장 입지 확대, 전략적 파트너십 구축, 지속 가능한 성장과 미래 경쟁력 확보를 위한 조직 운영을 총괄한다.

이기열 지사장은 30여 년에 걸쳐 기술 및 비즈니스 전환 분야에서 경험을 쌓아온 전문가로, 다양한 산업과 지역을 아우르는 최고경영진 역할을 수행하며 대규모 디지털 전략을 총괄하고 인재 육성과 전략적 파트너십 구축을 주도해 왔다. 복잡한 전환 프로젝트를 성공적으로 이끌고 디지털 생태계를 조성하며 고성과 조직을 이끈 그의 역량은 기술 분야에서 비전 있는 리더이자 전략적 설계자로서의 명성을 입증한다.

킨드릴 동남아시아 및 한국 총괄 앤드류 림은 “이기열 지사장은 공공 및 민간 부문 전반에서 디지털 전략, 클라우드, AI, 대규모 혁신에 대한 깊은 전문성을 갖추고 있으며, 이는 한국 기업들의 디지털 전환 가속화에 중요한 기여를 할 것”이라며, “그의 리더십 아래 킨드릴 한국 지사가 지속적으로 성장하고 새로운 성과를 창출할 것이라고 본다”라고 말했다.

킨드릴 코리아 이기열 신임 지사장은 “한국 기업은 현대화를 가속화하면서, 미션 크리티컬 시스템이 혁신, 회복탄력성, 장기 성장을 어떻게 지원해야 하는지 재정의하고 있다. 한국의 우수한 팀과 파트너들과 협력해 미션 크리티컬 서비스를 제공하고, 전략적 파트너십을 강화하며, 고객의 현대화 목표 달성을 지원할 수 있기를 기대한다”라고 말했다.

이기열 지사장은 킨드릴 합류 전, AI, 블록체인, 양자컴퓨팅 기반 디지털 전환을 전문으로 하는 컨설팅 기업 디지털 닥터 주식회사(Digital Doctor Ltd)의 CEO로 재직했다. 그 이전에는 SK그룹, IBM, PwC컨설팅에서 주요 리더십 직책을 맡았다. 한양대학교에서 산업공학 석사 및 학사 학위를 취득했으며, 하버드 비즈니스 스쿨(Harvard Business School)과 서강대학교 경영대학원에서 고급 리더십 과정을 수료했다. 또한, MIT 슬론 경영대학원(MIT Sloan)에서 기술 관련 고급 과정을 이수했다.
dl-ciokorea@foundryco.com

With the end of the year around the corner, I’ve been hearing a common refrain from enterprise IT and transformation leaders: “What budget should I allocate for AI agents in 2026?” The question comes as no surprise. While the rest of their organization might be winding down for the holidays, CIOs are gearing up for one of the most high-stakes planning cycles of the last decade.

AI agents are line items in almost every boardroom agenda. CIOs and CTOs are fielding a barrage of requests from their leadership cohort around “Where are our agents? What outcomes are we expecting? What’s the plan for next year?” According to Forrester, CIOs are set to receive more budget for AI in 2026, but it’s a case of more money, more problems. Next year, IT and tech leaders can expect continued business volatility and intensified pressure to justify every AI dollar is well spent.

As CIOs set their AI budgets, it’s worth taking a reality check: many AI projects are still struggling to make it from pilot to production, or if they do make it to production, they quickly find their use case cannot deliver the ROI they had hoped. That’s why I believe 2026 is a defining budget cycle. The organizations that select the right projects, invest in talent and capabilities and carefully consider the architecture needed to support agents at scale will build sustainable competitive advantages. As for the others? They’ll burn time and money on doomed pilots and incremental tools that offer no real business impact. To make smart bets for a critical year ahead, CIOs must start with understanding how AI agents can deliver real business outcomes instead of just excitement.

What do customers and employees actually want from AI agents? 

The reason AI agents are getting board-level attention is the promise to bridge the gap between human intent and business effect through automation. Over the course of the year, I’ve consulted with hundreds of enterprise leaders seeking to transform their business with AI agents. The ones able to turn those aspirations into transformations all possessed a similar ingredient – they identified the right use cases to start with. Any CIO and any organization can get this part right.

So what do customers and employees actually want from AI agents? Almost every high-impact AI agent project I’ve seen this year boils down to the same simple concept: a user expresses an intention, and an agent takes action on their behalf to deliver an outcome. This is the paradigm that separates agentic AI from chatbots. Agents promise to go beyond just information retrieval or recommendations. That capability is valuable, no doubt, but it’s table stakes in today’s AI world. Customers and employees don’t just want responses or insights; they want assistants that can take tangible actions. They don’t just want AI to help them navigate their supply chain orders across SAP modules; they want to say “order 10 tons of product” and have their agent deliver that outcome end to end.

The majority of successful AI agent projects I’ve seen look just like this. Agents for internal teams focus on meaningful ways to improve productivity by empowering workers to turn complex processes into simple requests. No one, especially anyone under 30, wants to spend time learning how to point-and-click their way through a needlessly complex user interface on a SaaS platform. Forward-thinkers are building their agents to ride a layer above core products to turn intention into outcomes. The ROI in these cases is driven by cost and time savings for the business, at scale.

As agentic capabilities evolve, I’m increasingly seeing this same concept also being applied to AI agents that reinvent the customer experience. Look at the mortgage industry for an example. These lenders report a high drop-off rate in online mortgage applications. The reality is that mortgage applications can be quite complicated. The average applicant is often overwhelmed by financial jargon or documents they may not have readily available. If the user gets confused and steps away, odds are they won’t come back. Now, imagine replacing that with an AI agent that interacts with the core service. It can answer questions, translate complex financial terms into plain terms in real-time, save the session if needed and securely reach out for bank documents. Just a 1-2% increase in completed applications from this represents a material impact on the bottom line. That’s high-impact for the business.

Don’t swing for the fences, just get on base 

As you’re allocating your budget for AI in 2026, here’s my advice: stop chasing moonshots. These vaguely scoped, overgeneralized agent dreams are often expensive, they rarely ship and they burn resources faster than they can create value. Instead, look for opportunities to hit singles and doubles. Keep your eye out for specific, high-value and outcome-driven projects that can deliver wins in months, not years. I’ll walk you through the coaching that I use with enterprise leaders planning AI projects.

Start with this question: What are 10 processes that are repetitive, well-documented and still being manually performed by humans? Score each one on a 1-10 scale across these three dimensions: the impact if you automated it, the risk if the project fails (where 10 is catastrophic) and the complexity to build and deploy it. The winning formula is high impact, low risk and low complexity. That’s your AI sweet spot. Aim your swings there.

One pharmaceutical company used this exact framework and landed on a sleeper hit: agent-based adverse event report processing. That’s not glamorous, but it freed up 40% of the team’s time that went back into actual drug discovery. In sales, I’m seeing teams use agents to create content production pipelines for outbounds, proposals and follow-ups, which helps speed up cycle times and frees reps to focus on closing deals. In financial services, agents are automating tedious back-office processes that are expensive and labor-intensive, cutting costs and reducing turnaround times by days.

Nailing the ROI formula for AI Agents 

So you’ve honed in on the right projects for 2026 AI agents, now comes the hard part: the investment. This is not free; you’ve got to make tough decisions about how to appropriate the budget and how to beef up the teams that will actually go build them. But first, you need to understand something critical about the ROI formula. Return and investment mean widely different things from company to company. 

At the enterprise scale, the value proposition for AI rests much more on increasing the bottom line. Enterprises have many more customers, opportunities for efficiency and additional sources of revenue. So even a one to two percent upside on a critical workflow, such as customer acquisition or cost reduction, can yield a material improvement to the bottom line. The scale at which enterprises operate changes the calculus for what automation flows should look like, due to the impact on their core business.

CIOs across the board must assemble the right team and ensure it is properly budgeted and staffed (I wrote on this topic earlier this year). On top of that, organizations must ensure they’re building AI agents the right way. Your ROI is fundamentally dependent on your ability to scale AI agents across all different teams in your business. Without security, compliance and governance built in from the start, you can’t scale at all. You need to solve for thousands of users, each with their own permissions, and be able to trace every action the agent takes on their behalf. Build these guardrails in from day one, and your agents can become force multipliers. Otherwise, they will drown under token costs to LLMs while the projects never go beyond a prototype.

If 2025 was the introduction to AI agents, then 2026 will be when the winners start to emerge. The companies that break away from the pack won’t be those that talked the loudest about agents or ran the most proof-of-cycle concepts. It will be the ones who shipped them to production and saved time, made money or created new customer experiences that resonate.  The difference won’t be luck; it will come down to those who approach agents with smart design, the right use case selection and informed bets on the teams and technology to bring automation to life. The right plan could change your company’s entire trajectory.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

I have spent most of my career accountable for the parts of technology nobody thinks about until something breaks. Service delivery, back-office workflows, knowledge decay, compliance friction and the invisible handoffs that quietly drain budgets. For years, I invested in automation as the answer to operational drag. We built rules, mapped flows and tried to automate the edge cases. But whenever reality changed, those automations snapped. It took me longer to realize I was automating drift.

Agentic AI changes the equation by introducing autonomy, adaptability and multi-step reasoning based on a deep understanding of context. It can escalate when confidence falls and apply policy dynamically. Over the past two years, I have deployed agentic capabilities across IT operations and talent acquisition. The cost savings were real, but the reduction in operational risk mattered more.

What concerns me most is how quickly interest is outpacing understanding. A recent enterprise AI maturity study found that many organizations are considering adopting agentic AI in the next 12 months, yet far fewer report being deeply familiar with AI technology. There is widening daylight between investment and comprehension, and leaders can feel it.

The hidden economics of back-office drag

Service delivery is accounted for as a cost center, but in practice, it behaves like a risk center. When incidents spike, I burn labor hours and credibility. When change freezes, innovation slows. When knowledge walks out the door, complexity compounds. Research from McKinsey estimates that major incident outages can cost more than $300,000 per hour when accounting for downtime, lost productivity and recovery labor. Outages erode trust as quickly as they drain budgets, and the longer the system stays down, the more stakeholders begin to question leadership’s judgment rather than the failure itself.

Agentic AI gave me ways to address root causes rather than symptoms. It accelerated the pace at which risk surfaced and reduced the dependence on human memory to carry operational knowledge.

IT service automation that actually bends cost curves

The first breakthrough came from reducing low-value, high-volume work. Password resets, access requests, policy clarification and device troubleshooting represented a disproportionate share of tickets. Conversational agents served as the first point of contact, recognizing intent, authenticating users, enforcing policy and triggering workflows. The response someone received at 4 p.m. on a weekday became indistinguishable from the one they received at 2 a.m.

As these agents matured, they evolved beyond conversation. Diagnostic agents pulled logs and compared them to historical incident signatures. Identity agents validated entitlements through policy. Remediation agents performed corrective actions autonomously when confidence thresholds were high enough. The agents could reason, plan and act instead of merely responding.

I also deployed agents that assisted human analysts. They summarized lengthy ticket histories, suggested relevant knowledge articles and drafted follow-up communication. They even generated new content as knowledge articles from closed incidents to expand self-service coverage. This type of coexistence shifted work away from repetition and toward judgment.

In parallel, autonomous agents operated inside infrastructure operations. They validated alerts, correlated telemetry and occasionally took action before anyone knew an issue existed. It was not about removing humans. It was about removing hours of manual investigation that added no value.

These moves consistently reduced incident resolution times. Industry benchmarks already show double-digit percentage decreases in resolution duration when agentic orchestration is applied to major incidents. I saw similar patterns. The improvement compounds because every minute saved in response time reduces the blast radius downstream.

Strengthening compliance and finance through continuous automation

Compliance workflows suffer when human memory carries the load. Before AI, teams stored rules in shared folders and hallway conversations. Today, compliance agents reconcile invoices, validate contract terms and flag anomalies proactively. They create explainable audit trails continuously rather than quarterly. NIST’s AI Risk Management Framework highlights traceability and explainability as foundational principles. Implementing those controls early reduced anxiety across audit teams and replaced after-the-fact cleanup with preventive action. This also reduced risk and elevated compliance reporting.

Finance experienced something similar. Reconciliation agents monitored variances and surfaced unusual patterns. What surprised me most was their reaction. They were not afraid of replacement. They were afraid of errors. When automation reduced manual variance, they became vocal advocates.

Finding use cases through process mapping

One of the most practical methods for identifying where agentic AI can help is process mapping. When I began visualizing workflows end-to-end, bottlenecks became obvious. Process mining tools uncovered rework loops, approval delays and exception handling that never made it onto formal documentation. Seeing work as a series of minor frictions makes it easier to understand where agents can step in.

The most compelling results emerged when agents were orchestrated together. A conversational agent collected symptoms and authenticated the user. A diagnostic agent pulled logs. A knowledge agent suggested resolutions based on pattern similarity. A remediation agent executed the corrective action. An orchestration layer coordinated all of it. That is where the returns accelerate.

Organizations that have leaned into this approach have reported dramatic improvements in self-submitted HR requests, faster employee onboarding and higher satisfaction due to real-time knowledge enrichment. This reinforces a simple truth: removing friction creates participation.

Workflow orchestration reduces cross-function friction

Most operational drag does not come from incidents. It comes from handoffs. Procurement requests that are bounced between finance, IT and security. Access approvals that depend on availability rather than policy. Tickets that accumulate because approvers are out of office or lack clarity. These interactions create delay and noise that nobody can see on a dashboard.

Orchestration agents change that dynamic. They trigger conditional workflows, collect missing information, validate approvals against policy and route requests without human intervention. Approval agents enforce thresholds. Inventory agents check asset life cycle status. Risk agents flag questionable suppliers. Tasks that previously took days now close in hours. And reducing interruptions had the same effect on productivity as adding headcount.

Why I do not build foundation models from scratch

At one point, I considered building a model internally. The idea was tempting. Owning the entire stack felt like a strategic advantage. But foundation models require massive compute, specialized research talent and years of iteration. Instead, I licensed access to best-in-class models and built the agentic layer on top. We used retrieval-augmented generation to feed proprietary documents and policy rules into the model, then layered business logic that governed behavior in context. We designed this with a strong emphasis on data governance, access control and privacy protection to ensure data was handled responsibly and in compliance with regulations.

This hybrid buy-and-enhance approach delivered faster time-to-value, reduced technical risk and allowed us to retain control of proprietary data and logic.

When I would build instead of buy

There are scenarios where owning the full stack makes sense. If AI is central to strategic product differentiation, if data cannot leave owned infrastructure, if regulatory constraints demand full control or if internal AI engineering maturity is high, then building becomes rational rather than romantic. MIT Sloan has explored the productivity paradox of AI, noting that capability without maturity can increase cost rather than reduce it. That matched my experience.

It is also important to recognize that both data and process maturity must be at a high bar before considering custom agentic development. Automating a broken or incomplete process does not eliminate chaos; it multiplies it. Inadequate governance, missing metadata, inconsistent runbooks or contradictory policies will produce unpredictable outcomes at machine speed. AI does not fix drift. It amplifies whatever it touches. When the substrate is clean, autonomy accelerates value. When it is not, it collapses into noise.

Agentic AI in talent acquisition was the unexpected hero

The biggest lift I saw came from HR. Application backlogs caused candidates to drop off. Interview scheduling created friction across time zones. Compensation exceptions slowed approvals. Agentic AI addressed all three. Conversational agents guide candidates through application steps. Scheduling agents reconciled calendars, set up interviews and sent confirmations. Qualification agents screened resumes against policy. Sentiment agents summarized tone and engagement from written and verbal communication, providing summaries of conversations to all parties.

Time-to-fill decreased and candidate satisfaction improved simply by eliminating the waiting. The SHRM Candidate Application Abandonment Study notes that delayed response time is one of the top drivers of candidate abandonment. Agents save time. And when you compress cycle time in recruiting, you increase talent density, which later reduces operational drag across the enterprise.

Cost is shifting from labor to compute

When human workload decreases, inference cost rises. Finance teams are not yet fluent in ROC (return on compute), but this metric will become as common as ROI. Without guardrails, cloud cost drift can quietly consume the savings that automation promised. I track ROC as closely as I track cost per ticket because unmonitored inference is the new runaway labor. Compute cycles do not call in sick or take a vacation and they scale without asking permission.

This is where leaders can get fooled. If compute spend rises faster than human workload declines, autonomy without financial guardrails can turn cloud cost into the new labor balloon — just harder to see, harder to attribute and harder to challenge. The danger is that it hides in budgets where executives are not trained to look. Leaders know how to question headcount, overtime and contractor spend, but they rarely scrutinize the compute charges buried in cloud bills. AI costs grow in technical corners of the budget, where they can expand quietly and avoid the financial scrutiny applied to labor.

In the same way cloud transformed capital expense into operating expense overnight, agentic AI will force us to treat compute as a strategic cost center rather than a utility. If we do not build that discipline now, autonomy will become the most elegant form of overspending we have ever engineered.

What success looks like

In mature environments, I saw fewer escalations, shorter outages, improved hiring velocity and predictable change cycles. Operational friction decreased and innovation increased. Teams felt less interrupted and more trusted. That cultural shift was as valuable as the financial one.

Predictability is the real outcome. When service delivery becomes stable and repeatable, IT stops acting like an internal repair shop and starts behaving like an engine of growth. Reliable delivery creates the headroom to build new products, partner with the business on revenue initiatives and invest in automations that compound value instead of compensating for failure. As the operational noise floor drops, capacity shifts from firefighting to forward motion.

Agentic AI is not just about doing the same work cheaper. It is about creating the conditions where IT can participate in strategy, influence the customer experience and build digital capabilities that generate revenue rather than support it. When systems stop surprising us, we can finally focus on the work that moves the company forward.

Final thought

Agentic AI is not about replacing judgment. It is about protecting it. When machines remove drag, humans spend more time on the decisions that matter. The organizations that treat back-office operations as a resilience discipline, not a cost bucket, will bend cost curves and compress risk where it quietly accumulates.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

SAP’s restructuring may have been good for its bottom line, but behind the scenes, it has backfired.

The company did what it promised, said Greyhound Research chief analyst Sanchit Vir Gogia: It wrapped up its restructuring plan, affecting 10,000 employees, by early 2025, kept headcount steady, and delivered strong financial results. But, he said, “Numbers only tell half the story. Inside the organization, something broke.”

That’s evidenced by a recent internal survey, which revealed that many staff no longer trust company leaders or their strategy.

Trust in SAP’s executive board has fallen by six percentage points since April, to a mere 59%, Chief People Officer Gina Vargiu-Breuer wrote in an internal email seen by Bloomberg. In April 2021, that number was more than 80%, said Bloomberg, citing a local media report.

Confidence in SAP’s execution of its strategy has now dropped to 70%, from 77% in April of this year.

No time to learn

“That number drops even further in Germany, where only 38% say they fully trust leadership,” Gogia said. “And it’s not just a sentiment dip. Over 38,000 employees voiced specific concerns. The pattern is clear: confusion around new performance goals, not enough support to implement AI, unstable team dynamics, and barely any breathing room to learn.”

This isn’t resistance to change: “People get the vision,” he said. “The problem is executional load. You cannot drive large-scale transformation, especially AI-first initiatives, without building systems that carry your people with you.”

As part of SAP’s plan to transform into a skills-led company by 2028, 80% of employees were to be assigned to modernized job profiles by the middle of this year, SAP chief people officer Gina Vargiu-Breuer told financial analysts attending a company event in May. This was intended to “unleash AI-personalized growth opportunities” based on an “externally benchmarked global skills taxonomy” of 1,500 future-ready skills, she said. The company devotes 15% of working time to continuous personal development, she said.

In the recent email seen by Bloomberg, however, she admitted: “The feedback shows that not every step [in the transformation] has landed how it should.”

Unfiltered Pulse

In an email statement to CIO, SAP said that the Unfiltered Pulse survey that highlighted the issues “was designed to gather nuanced feedback from employees, focusing on both strengths and areas for improvement. Employees, for instance, have stated that helpful feedback as well as learning and development opportunities are supporting their growth. Results related to team culture are also positive worldwide.”

SAP said 84% of its more than 100,000 employees responded to the most recent of the surveys, conducted every six months, and while there were some positives this time, “the findings also clearly indicate that employee engagement and trust in the board require attention. Following increases in sentiment in the previous iteration, there has been a decrease in the recent Pulse survey. We greatly value this feedback and are taking targeted action in response. We are therefore implementing specific measures to address the input from our employees and to drive meaningful change.”

SAP has not revealed details of these measures.

However, Info-Tech Research Group senior advisory analyst Yaz Palanichamy said, “SAP employees feel a sense of disillusionment as a result of the efforts undertaken in supporting this restructuring program.”

While SAP had framed the initiative as a strategic pivot towards embracing scalable cloud and AI growth, he said, the sheer number of roles affected, and the way that number ballooned well beyond the original target of 8,000, has left many of SAP’s employees concerned about their jobs and about senior leadership.

They worry about organizational stability and clarity, and about whether there is adequate support for their reskilling, he said: “If the cultural and operational gaps concerning morale, talent retention, and organizational role alignment are not proactively addressed, this could severely hinder SAP’s growth ambitions [in cloud and AI].”

SAP is not alone

SAP isn’t the only company that has faced these issues, Gogia pointed out. “Look beyond SAP, and the same symptoms show up elsewhere. Salesforce saw trust scores crater after its 2023 layoffs. Oracle’s morale took a hit when staff felt shut out of decisions. But SAP’s case stands out because performance at the top was solid, yet employee confidence eroded underneath. That divergence is dangerous. When momentum at the surface isn’t backed by alignment at the core, cracks appear in delivery, consistency breaks down, and partners feel the wobble. Execution doesn’t fail all at once. It frays. Quietly. Progressively.”

SAP isn’t ignoring the issues, he noted. It has begun to take action, appointing leaders, communicating priorities, and revisiting how teams are measured.

“That’s good,” he said. “But the real fix will come not from announcements but from behavioral evidence. Trust comes back when people stop guessing what’s next, when systems stabilize, when leaders stay visible, when workloads balance out.”

It’s the slow change no one notices: AI models evolve and people adapt to that. Systems learn and then they forget. Behavioral drift is quietly rewriting how enterprises operate, often without anyone noticing until it is too late.

In my own work leading AI-driven transformations, I have learned that change rarely happens through grand rewrites. It happens quietly, through hundreds of micro-adjustments and no dashboard flags. The model that once detected fraud with 95% accuracy slowly starts to slip. Employees sometimes clone automation scripts to meet deadlines. Chatbots begin answering differently than they were trained. Customers discover new ways to use your product that were never accommodated as part of the design.

This slow, cumulative divergence between intended and actual behavior is called behavioral drift: A phenomenon that happens when systems, models and humans evolve out of sync with their original design. It sounds subtle, but its impact is enormous: the line between reliable performance and systemic risk.

For CIOs running AI-native enterprises, understanding drift isn’t optional anymore. It’s the foundation of reliability, accountability and innovation.

Why behavioral drift matters for CIOs

1. It impacts governance

Under frameworks like the EU Artificial Intelligence Act (2024) and the NIST AI Risk Management Framework (2023), enterprises must continuously monitor AI systems for changes in accuracy, bias and behavior. Drift monitoring isn’t just a “nice to have” anymore; instead it’s a compliance requirement.

2. It erodes value quietly

Unlike outages, drift doesn’t announce itself. Systems keep running, dashboards stay green, but results slowly degrade. The ROI that once justified an initiative evaporates. CIOs need to treat behavioral integrity the same way they treat uptime: to be measured and managed continuously.

3. It’s also a signal for innovation

Not all drift can be considered bad. When employees adapt workflows or customers use tools in unexpected ways, that leads to a productive drift. The best CIOs read these signals as early indicators of emerging value rather than deviations to correct.

What causes behavioral drift?

Drift doesn’t come from one source; it emerges from overlapping feedback loops among data, models, systems and people. It often starts with data drift, as new inputs enter the system. That leads to model drift, where relationships between inputs and outcomes change. Then system drift creeps in as code and configurations evolve. Finally, human drift completes the loop where people adapt their behavior to the changing systems, often inventing workarounds.

These forces reinforce one another, creating a self-sustaining cycle. Unless CIOs monitor the feedback loop, they’ll notice it only when something breaks.

The human side of drift

Behavioral drift doesn’t just happen in code; it happens in culture as well. When delivery pressures rise, employees often create shadow automations: unofficial scripts or AI shortcuts that bypass governance. Teams adapt dashboards, override AI recommendations or alter workflows to meet goals. These micro-innovations may start as survival tactics but gradually reshape institutional behavior.

This is where policy drift also emerges: procedures written for static systems fail to reflect how AI-driven environments evolve. CIOs must therefore establish behavioral observability — not just technical observability — encouraging teams to report workarounds and exceptions as data points, not violations.

Some organizations run drift retrospectives, which are cross-functional sessions modeled on Agile reviews to discuss where behaviors or automations have diverged from their original intent. This human-centered feedback loop complements technical drift detection and helps identify when adaptive behavior signals opportunity instead of non-compliance.

Detecting and managing drift

Forward-thinking CIOs now treat behavioral drift as an operational metric, not a research curiosity.

• Detection. Define what normal looks like for your critical systems and instrument your dashboards accordingly. At Uber, engineers built automated drift-detection pipelines that compared live data distributions with training data, flagging early deviations before performance collapses.
• Diagnosis. Once drift is detected, it is critical to determine its cause. Is it harmful — risking compliance or customer trust — or productive, signaling innovation? Cross-functional analysis across IT, risk, data science and operations helps identify and separate what to fix from what to amplify.
• Response. For a harmful drift, you can retrain it, adjust its settings or update your rules. For productive drift: document and formalize it into best practices.
• Institutionalize. Make drift management part of your quarterly reviews. Align it with NIST’s AI RMF 1.0 “Measure and Manage” functions. Behavioral drift shouldn’t live in the shadows; it belongs on your risk dashboard.

Frameworks and metrics for drift management

Once CIOs recognize how drift unfolds, the next challenge is operationalizing its detection and control. CIOs can anchor their drift monitoring efforts using established standards such as the NIST AI Risk Management Framework or the ISO/IEC 23894:2023 standard for AI risk governance. Both emphasize continuous validation loops and quantitative thresholds for behavioral integrity.

In practice, CIOs can operationalize this by implementing model observability stacks that include:

• Data drift metrics: Utilize population stability index (PSI), Jensen–Shannon divergence and KL divergence to measure how current input data deviates from training distributions.
• Model drift metrics: Monitor changes in F1 Score, precision-recall trade-offs or calibration curves over time to assess predictive reliability.
• Behavioral drift dashboards: Combine telemetry from system logs, automation scripts and user activity to visualize divergences across people, process and technology layers.
• Automated retraining pipelines integrated with CI/CD workflows, where drift beyond tolerance automatically triggers retraining or human review.

Some organizations use tools from Evidently AI or Fiddler AI to implement these controls, embedding drift management directly into their MLOps life cycle. The goal isn’t to eliminate drift altogether: it’s to make it visible, measurable and actionable before it compounds into systemic risk

Seeing drift in action

Every dashboard tells a unique story. But the most valuable stories aren’t about uptime or throughput; they’re about behavior. When your fraud model’s precision quietly slips or when customer-service escalations surge or when employees automate workarounds outside official tools, your organization is sending a message that something fundamental is shifting. These aren’t anomalies; they’re patterns of evolution. CIOs who can read these signals early don’t just prevent failure, they steer innovation.

The visual below captures that moment when alignment begins to fade. Performance starts as expected, but reality soon bends away from prediction. That growing distance, reflected as the space between designed intent and actual behavior, is where risk hides, but also where opportunity begins.

From risk control to strategic advantage

Behavioral drift management isn’t only defensive: it’s a strategic sensing mechanism. Global financial leaders such as Mastercard and American Express have publicly reported measurable improvements from monitoring how employees and customers interact with AI systems in real time. These adaptive behaviors, while not formally labeled as behavioral drift, illustrate how organizations can turn unplanned human-AI adjustments into structured innovation.

For example, Mastercard’s customer-experience teams have leveraged AI insights to refine workflows and enhance service consistency, while American Express has used conversational-AI monitoring to identify and scale employee-driven adaptations that reduced IT escalations and improved service reliability.

By reframing drift as organizational learning, CIOs can turn adaptive behaviors into repeatable value creation. In continuous-learning enterprises, managing drift becomes a feedback engine for innovation, linking operational resilience with strategic agility.

The mindset shift

The most advanced CIOs are redefining behavioral management as the foundation of digital leadership. In the AI-native enterprise, behavior is infrastructure. When systems learn, people adapt and markets shift, your job isn’t to freeze behavior; it’s to keep everything aligned. Ignoring drift leads to slow decay. Over-controlling it kills creativity. Managing it well builds resilient, adaptive organizations that learn faster than their competitors. The CIO of tomorrow isn’t just the architect of technology; they’re the steward of enterprise behavior.

CIOs who master this balance build learning architectures, systems and cultures designed to evolve safely. The organizations that thrive in the AI era won’t be those that eliminate drift, but those that can sense, interpret and harness it faster than their competitors.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

C 레벨 경영진과 기업 이사회는 비즈니스 성공 계획의 상당 부분을 기술에 걸고 있다. 퍼소니브(Personiv)의 보고서에 따르면, 기업 임원의 78%는 현재 환경에 대한 “선제적이고 민첩한 대응”의 일환으로 지난 6개월 동안 기술 투자를 늘렸거나 앞으로 6개월 안에 늘릴 계획이라고 답했다.

또 KPMG의 ‘2025 글로벌 CEO 전망’ 조사에서는 CEO의 71%가 AI를 최우선 투자 우선순위로 꼽았는데, 2024년 64%에서 증가했다. CEO의 69%는 전체 예산의 10%에서 20%를 AI에만 배정하고 있다고 응답했다.

전반적으로 지금의 화두는 디지털 트랜스포메이션이다. EY-파르테논(EY-Parthenon)이 2025년 9월에 실시한 CEO 설문 조사에 따르면, 최고 경영자의 52%가 “포트폴리오 전환을 가속하기 위해 투자를 확대할 계획”이라고 답했다. 조사 내용은 시장과 고객 기대의 변화에 적응하는 일이 더 이상 선택이 아니라 성장을 위한 필수 과제라는 인식을 보여준다.

이런 기대는 IT 부서가 비즈니스 성과를 이끄는 혁신과 전환을 제공해야 한다는 압박으로 이어진다. 많은 경우 기업은 IT 이니셔티브가 목표를 달성하는 수준을 넘어서는 성과를 내주기를 바란다.

이렇게 요구 수준이 높다는 것은 여러 이유로 많은 IT 부서에 감당하기 어려운 과제가 된다. IT 부서가 기대치를 넘어서지 못하는 7가지 이유와 CIO는 어떻게 이런 장벽을 극복해야 하는지 알아본다.

1. 일상 운영 유지 업무에 너무 많은 시간을 쓴다

인포텍 리서치 그룹(Info-Tech Research Group)의 CIO 프랙티스 리서치 담당 디렉터 헤서 리어-머리는 “기술 엔진을 원활히 돌리는 일은 필수지만, 그것만으로는 CEO와 다른 기업 리더를 감동시키지는 못한다”라고 지적했다.

그럼에도 여전히 많은 IT 부서가 여기에 업무의 상당 부분을 쏟고 있다. 네트워크 관리 소프트웨어 업체 오빅(Auvik)이 발간한 보고서에 따르면, IT 전문가의 58%가 근무 시간의 절반 이상을 최종 사용자를 위한 티켓 처리에 쓴다고 답했다. 또 조사 대상 IT 전문 인력의 32%는 ‘위시리스트에 있는 항목을 구현하지 못한 이유’로 “시간이 부족하다”를 꼽았는데, 가장 높은 비중을 차지했다.

리어-머리는 “조직, 특히 최고 경영진은 IT가 더 높은 수준의 일을 해주기를 기대한다”라며, “디지털 트랜스포메이션을 이끌고 비즈니스 파트너가 되고, 비즈니스 기회를 확장하는 역할을 IT에 기대한다. 경영진은 IT가 비즈니스를 전환하고 확장해주기를 원한다”라고 말했다. 이어 “IT는 유지보수와 관리에 모든 시간을 쓰고 있어 이런 기대를 따라가거나 넘어서지 못하고 있다”라고 덧붙였다.

리어-머리와 여러 전문가에 따르면, CIO는 기술을 사용해 IT 프로세스와 워크플로우를 전환해야 한다. IT부서가 다른 비즈니스 부서에서 하는 일이다. 일상적인 유지보수 업무는 자동화하고 복잡한 프로세스는 AI를 도입해 처리하며, IT 직원이 사용하는 도구와 기술을 단순화해 업무를 간소화하고 시간을 되찾아야 한다. 또 CIO는 비즈니스에 가장 큰 가치를 주는 전략적 업무를, 영향이 크지 않은 유지보수 업무보다 우선순위에 두어야 한다.

2. 기대치에 대한 명확성이 부족하다

IT 부서가 기대치를 넘어서지 못하는 또 다른 이유는 기대치가 무엇인지 명확히 이해하지 못하기 때문이다.

페가시스템즈(Pegasystems)의 CIO 데이비드 비도니는 “성공이 무엇인지에 대한 분명한 그림이 없어서 기대치가 명확히 정의되지 않고, 그 때문에 기대에 격차가 생기는 경우를 여러 번 봤다”라고 말했다. 비도니는 명확성을 얻으려면 IT가 비즈니스 리더가 원하는 결과에 초점을 맞추고, 비즈니스 지표를 사용해 성공을 측정해야 한다고 조언했다.

컨설팅 및 서비스 기업 CGI의 글로벌 비즈니스 엔지니어링 담당 수석 부사장 아마르 아스와타는 “우선 올바른 성과를 측정하는 것부터 시작해야 한다”라며, “진취적인 CIO는 ‘우리가 문제를 제대로 해결하고 있는가?’라고 질문하고, 비즈니스와 자주 확인하면서 ‘같은 결과를 목표로 하고 있는가?’라고 묻는다”라고 말했다.

아스와타는 또 선도적인 CIO는 IT 부서에 어떤 프로젝트와 프로그램을 추진하는지, 그 결과가 조직에 왜 중요한지 그 이유를 공유한다고 설명했다. 아스와타는 “이 점을 설명하고 반복해 강조하는 일이 매우 중요하다. IT 부서는 그 일이 어떤 차이를 만드는지 알고 싶어 하고, 목적 의식을 부여하는 일이 중요하다”라고 강조했다.

3. 비즈니스 파트너가 아니라 솔루션 업체처럼 행동한다

빔 소프트웨어 그룹(Veeam Software Group)의 CIO 네이트 커츠는 CIO와 직원이 거의 거래에만 초점을 맞춰 솔루션 업체처럼 일하는 IT 부서를 본 경험이 있다고 말했다. 동시에 비즈니스 동료와 어깨를 나란히 하며 일하고, 원하는 결과를 함께 달성하기 위해 이해관계와 책임을 공유하는 전략적 파트너로 행동하는 IT 부서도 봤다고 덧붙였다.

전략적 파트너로 행동하는 IT 부서가 기대치를 넘는 성과를 낸다. 커츠는 “오늘날 CIO는 조직에서 매우 중요한 역할이다. IT는 조직의 모든 구성원을 대상으로 하는 몇 안 되는 기능 가운데 하나이기 때문이다”라고 말했다. 또, “CIO는 조직 전체를 조망할 수 있고, 조직을 개선할 방법을 발견할 수 있다. 그래서 CIO는 IT 부서와 다른 임원에게 IT가 조직을 앞으로 나아가게 하는 데 기여할 수 있다는 관점을 분명히 제시해야 한다”라고 강조했다.

4. 성공을 위해 비즈니스 부서에 요구해야 할 역할을 충분히 강조하지 못한다

IT와 비즈니스 부서의 파트너십이 성공하려면 양측 모두가 기여해야 한다. 하지만, 항상 그런 것은 아니다. 비도니의 설명에 따르면, IT 인력이 성공적인 제품을 제공하기 위해 무엇이 필요하고, 목표를 뛰어넘는 결과를 내기 위해 무엇을 해야 하는지 명확히 이해하는 반면, 비즈니스 부서는 그 수준에 이르지 못하는 경우가 있다.

비도니는 챗봇 이니셔티브를 예로 들었다. IT 부서는 특정 데이터 확보가 성공의 핵심이라는 사실을 인식했지만, 비즈니스 부서는 이 데이터 제공에서 어떤 역할을 해야 하는지, 데이터를 양호한 형태로 준비해야 한다는 점, 이를 제때 제공해야 한다는 점을 충분히 이해하지 못했다.

비도니는 “비즈니스 조직은 IT 이니셔티브를 성공시키기 위해 무엇이 결합돼야 하는지, 비즈니스 부서가 무엇을 가져와야 하는지, IT가 무엇을 가져와야 하는지를 완전히 이해하지 못하는 경우가 있다”라고 지적했다.

이런 경우 최종 결과물은 챗봇 사례처럼 “좋은 결과를 내지만 탁월한 결과까지는 가지 못하는” 수준에 머무를 수 있다. 비도니는 이런 경험을 통해 초기 단계에서 비즈니스 부서가 해야 할 일과 필요한 시간을 명확히 설명하는 법을 배웠다고 말했다. 이런 교훈은 탄탄한 커뮤니케이션과 치밀한 계획의 가치를 다시 확인시켜 준다.

5. 효과적인 프로젝트 우선순위 설정 프랙티스를 지키지 못한다

CIO는 오늘날 IT에 과중한 업무가 쏟아지고 있다고 입을 모은다. 비도니는 “모두가 서로 다른 프로젝트와 서로 다른 비즈니스 부서의 다양한 우선순위를 동시에 처리하고 있다”라며, “IT 리더는 도는 요청을 거절하지 않고, 가능하게 만들고 싶어 한다. 하지만 어떤 한계를 갖고 있는지 이해하는 일이 중요하다. 지나치게 많은 일을 떠맡으면 기대를 충족하지 못하고 긍정적인 결과도 내지 못한다”라고 지적했다.

이런 상황을 피하기 위해 비도니는 기업 목표에 부합하는 프로젝트를 우선순위에 두고 역량 계획을 엄격하게 관리한다. 또 팀 구성원이 이런 프랙티스를 따르도록 해 비즈니스 동료와의 회의에서 갑자기 나온 ‘애정 프로젝트’에 IT 자원을 약속하는 일이 없도록 하고 있다.

6. 지나치고 비현실적인 기대를 맞추려 한다

피닉스 대학교 IT 부사장 섀넌 T. 윌슨은 “특히 AI 등장 이후 도입과 관련된 기대 수준이 불과 1년 전보다 훨씬 높아졌다. 결과물에 대한 요구가 과거 어느 때보다 크다”라고 말했다. 윌슨은 이렇게 높아지는 기대를 충족하기 위해 피닉스 대학교 IT 부서가 AI를 포함한 다양한 기술을 활용해 업무 방식을 바꾸고, IT 인력에 대한 교육을 의무화하고 있다고 설명했다.

이 같은 조치 덕분에 IT 부서는 요구 수준을 따라가는 데 그치지 않고 “여러 배의 성과를 돌려주는” 결과를 내고 있다. 하지만 윌슨은 IT 리더가 “보유 자원으로 팀이 무엇을 제공할 수 있는지에 대한 적절한 기대치를 설정해야 한다”라고 강조했다. 또, “수요는 항상 제공 역량을 초과할 것”이라고 덧붙였다.

피닉스 대학교는 IT 부서가 제공할 수 있는 내용을 정확히 계획할 수 있도록 수행 중인 업무를 면밀히 추적하고 있다. 이런 방식으로 팀이 과도한 약속을 하지 않도록 관리한다. 또 2025년 10월 AWS 장애로 작업 계획에 차질이 생겼을 때처럼, IT 리더는 비즈니스 동료와 자주 소통하면서 업무가 계획대로 진행되는지 확인하고 그렇지 않을 경우 상황을 알린다.

윌슨은 이런 조치가 기대 수준을 달성 가능한 범위 안에 두는 데 도움이 됐다며, “기대와 산출물 사이에서 단절이 발생할 수 있는 지점을 최대한 줄이려고 했다”라고 설명했다.

7. IT 인력이 비즈니스 관점으로 생각하지 않는다

IT 서비스·컨설팅·엔지니어링 기업 UST의 CTO 니란잔 람순더는 “IT 팀은 그동안 부서 목표를 위해 일하는 데 익숙했다. 예를 들어 기술 업그레이드, 지원 복잡성 감소, 기능 개선 제공에 걸리는 시간 단축 같은 목표를 위해 일하고, IT 경영진에게 보고했다. 하지만, 이제 IT 이니셔티브에 자금을 대는 비즈니스 이해관계자에게 직접 보고하는 상황이 거의 항상 발생하고 있다”라고 설명했다.

이런 변화가 일부 IT 인력에게는 도전 과제가 된다. 기존 IT 부서에는 존재하지 않았던 “새로운 역량이 필요하기 때문”이다. 예를 들어, IT 인력이 비즈니스 ROI와 우선순위를 이해해야 한다. 람순더는 “CRM의 새로운 기능을 제때, 예산 안에서 배포하는 것만으로는 충분하지 않다”라는 점을 깨달아야 한다고 강조했다. 또 시장의 기대 속도에 맞춰 이해하고 일할 수 있어야 한다.

람순더는 CIO가 탁월한 성과를 가로막는 이런 장애물을 제거하기 위해 여러 조치를 취할 것을 조언했다. 비즈니스가 성공을 측정하는 데 사용하는 지표를 IT 인력에게 익숙하게 만들고 AI 도구·오픈소스 컴포넌트·통합 기술을 활용해 속도를 높일 수 있도록 IT 팀을 교육하며, 비즈니스 영향도를 기준으로 IT 프로젝트에 우선순위를 매겨야 한다는 설명이다.

또한, “IT 역량과 측정 지표를 비즈니스 관점에서 바라보는 교육 프로그램을 의식적으로 개발하고, AI 에이전트를 포함하는 새로운 조직 구조를 도입하는 것이 중요하다”라고 강조했다. IT 부서는 LLM과 에이전트를 활용할 수 있도록 핀옵스 역량을 핵심 기술과 함께 개발해야 한다고 덧붙였다.

람순더는 “CIO와 IT 부서는 새로운 AI 도구를 빠르게 온보딩할 수 있는 적절한 도구와 프레임워크를 갖춰야 한다”라며, “IT 부서 안에 ‘그래서 이게 비즈니스에 어떤 의미가 있는가?’를 묻는 사고방식을 길러, 자신이 하는 일의 비즈니스 가치를 생각하고 단지 요청받은 대로만 제공하는 수준을 넘어 차별화된 비즈니스를 만드는 데 적극적으로 참여하도록 해야 한다”라고 강조했다.
dl-ciokorea@foundryco.com

The C-suite and corporate boardroom have pinned much of their plans for success on technology.

According to the 2025 Executive Outlook report by Personiv, 78% of execs have increased technology investment or will increase it in the next six months in what researchers termed “proactive, agile responses to the current environment.”

And AI is proving to be a key area for that investment, as the KPMG 2025 Global CEO Outlook found that 71% of CEOs listed AI as a top investment priority, up from 64% in 2024, with 69% allocating 10% to 20% of their budget on AI alone.

Overall, transformation is the order of the day. Accoding to the September 2025 EY-Parthenon CEO Outlook Survey, 52% of chief executives “plan to increase investment to accelerate portfolio transformation, reflecting a recognition that adapting to shifting markets and customer expectations is no longer optional but essential for growth.”

Such expectations put pressure on IT teams to deliver innovations and transformations that drive business results — and the expectations are often that IT initiatives will exceed objectives.

That’s a tall order, one that many IT departments can’t fulfill for various reasons. Here long-serving IT leaders share seven reasons why IT teams fail to exceed expectations and how CIOs can lead their teams to overcome those challenges.

1. Too much time spent on lights-on activities

Keeping the technology engines humming smoothly, while essential, will not impress CEOs and other enterprise leaders, says Heather Leier-Murray, a research director in the CIO practice at Info-Tech Research Group.

Yet that’s where many IT teams still focus much of their attention.

The IT Trends 2025: Industry Report from Auvik, a maker of network management software, found that “58% of IT professionals shared that they spend half or more of their work week on tickets for the end-user.” It also found that 32% of surveyed IT pros cited “don’t have enough time” as a reason for not implementing wish-list items — the No. 1 reason given.

“We’re seeing that the organization — the C-suite, and the CEO particularly — is increasing expectations that IT should be working at higher levels, so leading transformations, being business partners, expanding business opportunities. They want IT to transform and expand the business,” Leier-Murray says. “And IT is not able to keep up, or exceed, with this expectation because it is spending all its time on maintenance and administration.”

Leier-Murray and others say CIOs need to use technology to transform IT processes and workflows — just as they’re doing in other business units. They should automate routine maintenance tasks, deploy AI to perform more complex processes, and simplify the tools and technologies IT staffers use as a way to streamline jobs and gain back time. Furthermore, CIOs must prioritize strategic work that delivers the most value over maintenance work that has little to no critical impact.

2. Lack of clarity on expectations

Another reason why IT teams fail to exceed expectations is that they don’t have a clear understanding of what the expectations are.

“Sometimes there is not a clear picture of what success is, and that means there are gaps in expectations because they weren’t well defined. I’ve seen that happen time and time again,” says Pegasystems CIO David Vidoni.

To gain clarity, Vidoni says IT needs to focus on the outcomes business leaders want and use business metrics to measure success.

Others offer similar advice.

“Start by measuring the right types of progress,” says Amar Aswatha, senior vice president for global business engineering at CGI, a consulting and services firm. “Progressive CIOs will ask, ‘Are we solving the right problem?’ and they’ll check back with the business often and ask, ‘Are we aligned to the same outcome?’”

Aswatha says leading CIOs also share with their IT teams the reasons for the projects and programs they’re pursuing and why the outcomes are important for the organization. “Explaining that and reiterating that is extremely important. IT teams want to know what difference it makes, and giving them the sense of purpose matters,” he says.

3. Acting more like a vendor than a partner

Nate Kurtz, CIO of Veeam Software Group, has seen some IT departments work like vendors, with CIOs and staffers taking an almost transactional approach, while others act like strategic partners, working shoulder to shoulder with business colleagues, sharing a stake in — and responsibility for — achieving a desired outcome.

Those who act like strategic partners are the ones who exceed expectations, he says.

“The CIO is a critical role in an organization today, because IT is one of the few functions that touch everyone in an organization,” he says. “CIOs can see across an organization; we can see ways to improve it. So the CIO has to frame that perspective to the IT team and other executives, that IT can help drive the organization forward.”

4. Falling short on ensuring the business does its part for success

Both sides must contribute to the IT-business partnership for it to work successfully, yet experienced CIOs say that’s not always the case. There are times when IT workers are clear on what it will take to deliver a successful product, and what they must do to exceed target outcomes, but the business does not have that same level of understanding, Vidoni says.

As an example, he points to a chatbot initiative. The technologists recognized that having certain data was essential for success, but the business unit did not seem to grasp its role in delivering that data, ensuring it was in good form, and doing so in a timely manner.

“Business may not fully understand all that needs to come together for [a technology initiative] to succeed, what needs to be brought to the table from the business team, and what IT needs to bring to the table,” he says.

The end product in such cases may “produce good results, but not spectacular results,” as was the case with the chatbot, says Vidoni, adding that he learned from that experience to outline at the outset what the business needs to do and allocate the time they need to do it — a lesson that reinforces the value of strong communication and good planning.

5. Failing to enforce effective project prioritization practices

CIOs attest to the heavy workload put on IT today.

“Everyone is juggling different projects and different priorities for different business units,” Vidoni says. “And IT leaders want to please and satisfy, and that can come out as not pushing back on requests, saying yes, and striving to make things happen. But it’s important to understand what boundaries you have, to make sure you do not overcommit, because if you’re stretched too thin, you’ll miss expectations and not have positive outcomes.”

To avoid such scenarios, Vidoni prioritizes projects aligned to enterprise objectives and has a strong discipline around capacity planning. He also makes sure team members adhere to those practices so they’re not committing IT resources to pet projects that come up in their meetings with business colleagues.

6. Trying to keep up with excessive, unrealistic expectations

“The expectations for delivery, especially with the advent of AI, are that much greater today than they were just a year ago,” says Shannon T. Wilson, vice president of IT at the University of Phoenix. “The demands for output are greater than they have ever been in the past.”

To meet those increasing expectations, Wilson says his IT department is transforming how it works, using technology — including AI — to become more effective and efficient, and is mandating training for its IT workforce.

Such moves have helped IT not only keep pace with demands but also deliver “multiples back.”

But Wilson says IT leaders also must “set the proper expectations for what their teams can deliver with the resources they have,” noting that “demand will always exceed what the capacity is to deliver.”

He says his IT department diligently tracks its work so it can accurately plan what it can deliver, ensuring the team doesn’t overpromise. And IT leaders frequently check in with business colleagues to ensure work is on track and communicate when it’s not, such as when the October AWS outage threw work plans out of whack.

Wilson says such moves have helped ensure expectations are high but achievable.

“We’ve tried to shrink all the places where we can get disconnected between expectations and deliverables,” he says.

7. IT staffers don’t think like the business

“IT teams are used to working for their group’s objectives — upgrades to technologies, reduce support complications, time taken to provide enhancements — and answering to IT management,” says Niranjan Ramsunder, CTO of UST, which provides IT services, consulting and engineering. “Now they almost always answer to business stakeholders who fund most initiatives.”

This presents challenges for some IT workers as it requires them to use “new skills which are not always available in current teams,” he says.

They need to understand business ROI and priorities, for example, he says, and realize that “doing a rollout for a new feature in a CRM on time and under budget is not enough.”

And they must know and work to the speed of market expectations, he adds.

Ramsunder advises CIOs to take several steps to remove such roadblocks to delivery excellence: familiarize IT staffers with the metrics that the business uses to measure success; train IT teams to use AI tools, open-source components, and integration to increase their speed; and prioritize IT projects based on business impact.

“It is critical to develop a conscious training program on the business view of IT capabilities and measurements as well as a new org structure incorporating AI agents,” he says, adding that IT teams must also develop FinOps capabilities along with core skills to leverage LLMs and agents.

“CIOs and the IT teams that report to them need to enable the right kind of tools and framework for onboarding new AI tools quickly,” he adds. “In addition, they need to cultivate in their teams a ‘so what’ mindset urging them to think about the business value of their work and actively participate in creating a differentiated business rather than simply delivering to what is being asked for.”

‘확장’은 종종 성공으로 오해된다. 이는 무언가 제대로 작동하고 있다는 신호처럼 여겨지기 쉽다. 그러나 실제 현장에서는 성장 압박이 로드맵뿐 아니라 아키텍처, 데이터 레이어, 사고 대응 체계, 고부하 환경에서 움직여야 하는 팀의 운영 역량까지 전반에 영향을 미친다. 초기 단계에서 충분히 괜찮다고 여겼던 서비스 수준 계약(SLA), 서비스 수준 목표(SLO), 지연 시간 예산은 새로운 동시 접속 및 트래픽 패턴이 나타나면 쉽게 무너질 수 있다. 겉으로는 건전해 보이는 지표가 실제로는 취약한 시스템을 가리고 있다가, 특정 기능 하나를 출시하는 순간 전체가 한꺼번에 붕괴하는 상황도 여러 차례 목격했다.

• 지표가 정렬되지 않고 운영 체계가 취약한 상태에서 너무 이른 시점에 규모 확장에 나서는 것은 여전히 제품 실패의 주요 원인으로 꼽힌다.
• 지표는 외부에서 가져온 벤치마크가 아니라, 각 조직의 구체적 맥락 안에서 의미를 가진다.
• DORA, 오류 예산, SLO 등 엔지니어링 준비 지표 역시 제품 성장에 맞춰 진화해야 한다. 그렇지 않으면 고부하 환경에서 실패로 이어질 수 있다.

지난 10여 년 동안 잠재력이 큰 팀이 잘못된 지표에 매달리다 소진되거나, 제품이 준비되지 않은 상태에서 무리하게 확장을 시도하다가 실패하는 사례를 지켜봐 왔다. 실제로 스타트업의 70%는 제품과 플랫폼이 충분히 성숙하지 않은 상태에서 성장을 시도해 결국 실패한다는 조사 결과가 있다. 핵심 과제는 더 빨리 성장하는 법이 아니라 시스템을 붕괴시키지 않고 성장하는 방법을 찾는 것이다. 이를 위해서는 지표, 제품의 성숙도, 엔지니어링 탄력성 전반에서 긴밀한 조율이 필요하다.

가장 먼저 배운 교훈 중 하나는 지표가 ‘트로피’가 아니라 ‘거울’이라는 점이다. 한때 ‘월간 활성 이용자’ 같은 단일 지표에 집착하면서 보기 좋은 그래프는 만들었지만, 사업 자체는 취약해졌다. 당시 확대하고 있었던 것은 가치가 아니라 겉모습이었다. 그래서 지금은 범용 KPI 대신 실제 가치 흐름을 보여주는 4~6개의 제품 특화 지표에 집중한다. 가입 전환율, 고객 획득 비용(CAC), 일일 활성 사용자 대비 월간 사용자(DAU-MAU) 비율, 첫 핵심 행동 수행률, 특정 행동 유지율 등이다. 지표는 성공을 확인하는 용도가 아니라 상황을 이해하게 해주는 도구여야 한다. 찰스 굿하트 교수는 “측정 기준이 목표가 되면 더 이상 좋은 측정 기준이 아니다”라는 법칙을 제시한 바 있다.

지표가 목표가 되기 시작하면 사람들은 실질적 성과가 아닌 숫자를 올리는 데 집중하거나 왜곡된 방식으로 문제를 해결하려 한다. 대표적 사례가 웰스파고(Wells Fargo) 교차판매 스캔들이다. 2010년대 웰스파고 경영진은 ‘고객 1인당 계좌 수’라는 지표에 지나치게 집착하면서 과도한 목표를 설정했고, 결국 직원들은 목표 달성을 위해 수백만 개의 유령 계좌를 개설하기 시작했다. 지표는 겉보기엔 좋아 보였지만, 고객 신뢰는 붕괴됐고 회사는 막대한 벌금을 감당해야 했다. 여기서 얻는 교훈은 단일 지표를 절대적 기준으로 삼아서는 안 된다는 점이다. 제품과 사용자가 실제로 얻는 가치를 균형 있게 반영하는 방식으로 성공을 정의해야 한다.

가드레일로서의 벤치마크

벤치마크는 분명 유용하지만, 기준점일 뿐 절대적 규칙으로 받아들여서는 안 된다. 비정상적으로 낮은 전환율 같은 이상 징후를 파악하는 데 도움이 되지만, 특정 제품의 성공을 어떻게 정의해야 하는지까지 규정하는 도구는 아니다. 과거 필자는 팀의 ‘챕터 2’를 다른 기업의 ‘챕터 10’과 비교하는 실수를 저질렀다. 어떤 SaaS 서비스가 첫날 유지율 50%를 기록했다는 이야기를 보고, 우리는 30%에 불과하다는 이유로 스스로를 과소평가했지만, 해결하려는 문제도, 시장 단계도, 사용자 구성도 완전히 다르다는 사실을 놓쳤다.

이런 비교 방식은 팀이 맞지 않는 경기장에서 뛰는 결과로 이어진다. 모든 제품은 출시 시점, 예산, 팀의 성숙도, 시장의 복잡성 등 서로 다른 맥락 속에 존재한다. 벤치마크가 참고 자료일 수는 있지만 의사결정을 지배해서는 안 된다. 이를 절대적 기준처럼 다루기 시작하면 객관성이 있다는 착각에 빠져 실제 제약 조건을 무시하거나 애초에 팀과 무관한 지표를 쫓게 된다.

현실적으로는 벤치마크를 일종의 일기예보처럼 활용하는 것이 유용하다. 다시 말해 어떤 환경에서 움직이게 될지 예상하게 해주지만, 경로 자체를 결정해주지는 않는다. 실제로 중요한 일은 제품의 가치를 정확하게 반영하는 지표가 무엇인지 파악하고, 그 지표를 중심으로 시스템 전체를 조율하는 것이다.

운영 준비

지표가 아무리 유망해 보여도 엔지니어링 준비 없이 제품을 확장하는 일은 부실한 지반 위에 건물을 올리는 것과 다르지 않다. 성장은 운영 시스템 전반에 부담을 준다. 배포 파이프라인, 관측 도구, 지연 시간 예산, 릴리스 주기 등이 모두 실시간으로 스트레스 테스트를 받는다. 그래서 우리는 배포 빈도, 변경 실패율 같은 DORA 지표를 단순한 엔지니어링 KPI가 아니라 확장 가능성을 가늠하는 초기 지표로 활용한다.

또한 성장 루프의 가속을 고민하기 전에 여러 질문을 던진다. 사고 대응 프로세스는 충분히 견고한가? 오류 예산을 마련해 두고 실제로 준수하고 있는가? 성능 저하가 고객 불편으로 이어지기 전에 충분히 빠르게 감지되고 있는가?

확장은 단순히 사용자를 더 많이 확보하는 문제가 아니다. 신뢰와 안정성을 해치지 않는 것이 핵심이다. 기술 부채가 당장 다음 릴리스를 막지는 않을 수 있지만, 이는 성장 압력이 커지는 순간 빠르게 누적된다. 그런 점에서 인프라와 플랫폼의 건강 상태가 결국 제품 전략의 일부라고 할 수 있다. 성장의 순간이 왔을 때 얼마나 빠르고 안전하게 움직일 수 있는지 결정하기 때문이다.

지표가 확장 과정에서 의미를 잃는 이유는 인프라 문제 때문만이 아니다. 더 큰 원인은 지표를 어떻게 해석하느냐에 있다.

올바른 지표 관리

대규모 성과 검토나 성장 현황을 공유하는 회의를 앞두고 있을 때, 필자가 이끄는 팀은 ‘데이터 위생 점검’을 준비한다. 이는 겉으로 드러나는 작업이 아니지만 반드시 필요한 과정이다. 핵심 이벤트가 올바르게 수집되고 있는지, 명명 규칙이 일관되는지, 퍼널이 실제 사용자 흐름을 정확히 반영하는지 꼼꼼히 확인한다. 이런 습관은 한때 온보딩 지표가 급증했다며 기뻐했다가, 알고 보니 특정 이벤트가 너무 일찍 발생하는 버그 때문이었다는 사실을 뒤늦게 확인한 경험에서 비롯됐다. 이 사건은 잘못된 데이터가 얼마나 큰 비용을 초래하는지 분명하게 보여줬다. 부정확한 데이터는 잘못된 확신으로 이어지며, 이런 확신은 가장 값비싼 오류다.

따라서 지금은 지표를 치명적 소프트웨어 버그를 수정하는 것만큼 중요하게 다룬다. 이는 단순한 개인적 성향이 아니라, 여러 조사 결과로도 확인되는 사실이다. 각종 설문에 따르면 경영진의 약 58%는 핵심 의사결정이 부정확하거나 일관되지 않은 데이터에 기반해 이뤄지는 경우가 많다고 답했다. 다시 말해 절반이 넘는 기업이 불안정한 숫자를 기반으로 의사결정을 내리고 있다. 장기적으로 보면 데이터 품질이 떨어지는 데 따른 비용도 적지 않다. 가트너 보고서는 데이터 품질 저하가 기업에 연간 평균 1,500만 달러의 손실을 초래한다고 밝혔다. 정확한 지표는 단순한 기술적 위생 문제를 넘어, 위험을 관리하는 수단이다. 성과를 자축하기 전에, 측정 체계가 잘못된 신호를 보내고 있지 않은지 반드시 확인해야 한다.

성장의 사각지대인 ‘대리 지표’에 주의할 이유

숫자가 오른다고 해서 항상 성공을 의미하는 것이 아니다. 실제 가치가 정체되거나 오히려 떨어지고 있음에도 불구하고, 겉으로만 성장하는 것처럼 보이게 만드는 지표들이 있다. 이를 ‘대리 지표’ 또는 ‘맹목적 지표’라고 부른다. 이런 지표들은 성공의 착시를 만들지만, 정작 핵심 가치 제안은 제자리인 경우가 많다. 대표적인 예가 앱 다운로드 수다. 다운로드는 폭증하는데 실제 활성 이용자는 정체 상태일 수 있다. 웹사이트 페이지뷰가 높아도, 클릭을 유도하는 마케팅 때문일 뿐 실제 유료 전환율은 낮을 수 있다. 이런 상황에서 숫자가 올라가는 그래프만 보고, 그 의미를 의심하지 않는 상태에 빠지기 쉽다.

착시를 피하기 위해 필자는 지표를 간단한 계층 구조로 정리해 관리한다. 일종의 ‘지표 피라미드’다. 가장 아래층에는 운영 지표가 있다. 이는 직접 통제하거나 영향을 줄 수 있는 숫자들이다. 예를 들어 영업 콜 횟수, 해결된 버그 수, 마케팅 집행 비용 등이 여기에 해당한다. 중간에는 행동 또는 제품 지표가 위치한다. 사용자 행동과 참여도를 보여주는 지표로, 일간 활성 이용자, 체류 시간, 기능 사용률 등이 포함된다. 이는 운영 활동의 결과물이지만, 완전히 통제할 수 있는 수치는 아니다.

피라미드의 최상단에는 결과 지표가 있다. 이는 궁극적 목표, 다시 말해 ‘왜 이 일을 하는가’를 보여주는 수치다. 매출, 고객 유지율, 고객 만족도처럼 실제로 전달된 가치를 반영하는 지표들이 여기에 해당한다. 이 피라미드는 전술적 지표와 전략적 목표를 자연스럽게 연결해 준다. 여러 팀이 활용하는 ‘북극성 지표’와도 유사하다. 최상위에 핵심 지표가 하나 있고, 그 아래 이를 견인하는 주요 지표들이 있으며, 가장 아래에는 의사결정과 문제 해결을 돕는 보다 세밀한 데이터가 위치하는 방식이다. 실제로 많은 제품 관리 가이드 역시 명확성을 위해 이런 지표 피라미드 접근을 권장한다.

이를 기반으로, ‘월간 세션 수’ 같은 지표가 상승하면 “이것은 성과인가, 단순한 출력인가?”라는 질문을 스스로 던진다. 세션이 늘어나는 것이 매출 증가나 유지율 향상처럼 결과 지표와 연관된다면 적극적 신호일 수 있다. 그러나 UI 변경처럼 단순히 앱을 더 자주 열게 만든 요인 때문이라면 이는 대리 지표에 불과하다. 피라미드 구조로 사고하면 하위 지표의 상승이 상위 목표 달성으로 이어지는지, 혹은 단순한 노이즈인지 명확하게 구분할 수 있다. 하단 지표가 올랐다고 해서 상단 지표가 움직인다는 보장은 없다는 점을 항상 상기하게 된다.

‘제품–시장 적합성’의 신화

스타트업 세계에서 제품–시장 적합성(Product Market Fit, PMF)만큼 찬사를 받는 개념도 드물다. 이는 모든 요소가 맞아떨어지는 마법 같은 순간, 즉 사용자가 열광하고 성장세가 폭발하며 마침내 성공했다고 느끼는 시점을 말한다. 하지만 필자는 PMF를 단 한 번의 깨달음처럼 다루는 입장에 점점 회의적이 됐다. 실제로 적합성은 고정된 목표가 아니라 계속 움직인다. 초기 성과가 장기적 적합성을 보장하지도 않는다. 고객의 요구는 변하고, 경쟁자는 대응하며, 어제 맞았던 것이 내일도 맞는다는 보장은 없다. 그래서 PMF를 도달점이 아니라 지속적인 조정 과정으로 바라본다.

따라서 신화적 순간을 쫓기보다 추세와 흐름을 살필 필요가 있다. “PMF를 달성했다”라고 선언하는 대신, 지금도 여전히 실제 사람들의 실제 문제를 제대로 해결하고 있는지, 그리고 다른 대안보다 더 나은 해결책을 제공하고 있는지를 물어야 한다. 오래 살아남는 팀은 적합성을 한 번 찾는 데 그치지 않고 지속적으로 다듬어 나가는 팀이다.

빠르게 돌아가는 제품 개발 사이클에서는 다음 프로젝트로 곧바로 넘어가며 돌아볼 시간을 놓치기 쉽다. 그래서 주요 릴리스나 성장 실험을 마칠 때마다 ‘반성 회의’를 여는 것을 의례로 삼고 있다. 이 자리에서는 크게 3가지 질문을 던진다.

1. 올바른 지표를 측정했는가?
2. 어떤 지표가 실제로 통찰을 줬고, 어떤 지표가 오히려 판단을 흐리게 했는가?
3. 성장 가설 중 무엇이 실제로 틀렸는가?

이 과정을 꾸준히 실천한 팀은 시간이 갈수록 데이터를 다루는 데 훨씬 능숙해졌다. 이때 지표는 점수판이나 압박 도구가 아니라, 앞으로 가야 할 방향을 비춰주는 손전등이 된다.

의식의 중요성

지금까지의 모든 논점을 하나로 묶는 주제는 성장에서 의식의 중요성이다. 북극성 지표, 성장 루프, 바이럴 계수, OKR 같은 프레임워크는 유용한 도구지만, 맥락과 자기 인식을 갖고 사용할 때만 효과가 있다. 그래서 팀에는 “숫자와 맥락(직관, 사용자 조사, 시장 신호)이 서로 다른 메시지를 제시한다면 맥락을 우선하라”라고 지시한다.

성장은 전략이 아니라 결과다. 과거의 스스로에게 조언할 수 있다면, “트렌드라인을 쫓지 말고, 이해를 쫓아라”라고 말하고 싶다. 역설적이게도 사용자와 가치에 대한 이해가 깊어질수록, 성장은 더 자연스럽게 뒤따르고 더 건강하며 지속 가능해진다.
dl-ciokorea@foundryco.com

As employees experiment with gen AI tools on their own, CIOs are facing a familiar challenge with shadow AI. Although it’s often well-intentioned innovation, it can create serious risks around data privacy, compliance, and security.

According to 1Password’s 2025 annual report, The Access-Trust Gap, shadow AI increases an organization’s risk as 43% of employees use AI apps to do work on personal devices, while 25% use unapproved AI apps at work.

Despite these risks, experts say shadow AI isn’t something to do away with completely. Rather, it’s something to understand, guide, and manage. Here are six strategies that can help CIOs encourage responsible experimentation while keeping sensitive data safe.

1. Establish clear guardrails with room to experiment

Managing shadow AI begins with getting clear on what’s allowed and what isn’t. Danny Fisher, chief technology officer at West Shore Home, recommends that CIOs classify AI tools into three simple categories: approved, restricted, and forbidden.

“Approved tools are vetted and supported,” he says. “Restricted tools can be used in a controlled space with clear limits, like only using dummy data. Forbidden tools, which are typically public or unencrypted AI systems, should be blocked at the network or API level.”

Matching each type of AI use with a safe testing space, such as an internal OpenAI workspace or a secure API proxy, lets teams experiment freely without risking company data, he adds.

Jason Taylor, principal enterprise architect at LeanIX, an SAP company, says clear rules are essential in today’s fast-moving AI world.

“Be clear which tools and platforms are approved and which ones aren’t,” he says. “Also be clear which scenarios and use cases are approved versus not, and how employees are allowed to work with company data and information when using AI like, for example, one-time upload as opposed to cut-and-paste or deeper integration.”

Taylor adds that companies should also create a clear list that explains which types of data are or aren’t safe to use, and in what situations. A modern data loss prevention tool can help by automatically finding and labeling data, and enforcing least-privilege or zero-trust rules on who can access what.

Patty Patria, CIO at Babson College, notes it’s also important for CIOs to establish specific guardrails for no-code/low-code AI tools and vibe-coding platforms.

“These tools empower employees to quickly prototype ideas and experiment with AI-driven solutions, but they also introduce unique risks when connecting to proprietary or sensitive data,” she says.

To deal with this, Patria says companies should set up security layers that let people experiment safely on their own but require extra review and approval whenever someone wants to connect an AI tool to sensitive systems.

“For example, we’ve recently developed clear internal guidance for employees outlining when to involve the security team for application review and when these tools can be used autonomously, ensuring both innovation and data protection are prioritized,” she says. “We also maintain a list of AI tools we support, and which we don’t recommend if they’re too risky.”

2. Maintain continuous visibility and inventory tracking

CIOs can’t manage what they can’t see. Experts say maintaining an accurate, up-to-date inventory of AI tools is one of the most important defenses against shadow AI.

“The most important thing is creating a culture where employees feel comfortable sharing what they use rather than hiding it,” says Fisher. His team combines quarterly surveys with a self-service registry where employees log the AI tools they use. IT then validates those entries through network scans and API monitoring.

Ari Harrison, VP of IT at branding manufacturer Bamko, says his team takes a layered approach to maintaining visibility.

“We maintain a living registry of connected applications by pulling from Google Workspace’s connected-apps view and piping those events into our SIEM [security information and event management system],” he says. “Microsoft 365 offers similar telemetry, and cloud access security broker tools can supplement visibility where needed.”

That layered approach gives Bamko a clear map of which AI tools are touching corporate data, who authorized them, and what permissions they have.

Mani Gill, SVP of product at cloud-based iPaaS Boomi, argues that manual audits are no longer enough.

“Effective inventory management requires moving beyond periodic audits to continuous, automated visibility across the entire data ecosystem,” he says, adding that good governance policies ensure all AI agents, whether approved or built into other tools, send their data in and out through one central platform. This gives organizations instant, real-time visibility into what each agent is doing, how much data it’s using, and whether it’s following the rules.

Tanium chief security advisor Tim Morris agrees that continuous discovery across every device and application is key. “AI tools can pop up overnight,” he says. “If a new AI app or browser plugin appears in your environment, you should know about it immediately.”

3. Strengthen data protection and access controls

When it comes to securing data from shadow AI exposure, experts point to the same foundation: data loss prevention (DLP), encryption, and least privilege.

“Use DLP rules to block uploads of personal information, contracts, or source code to unapproved domains,” Fisher says. He also recommends masking sensitive data before it leaves the organization, and turning on logging and audit trails to track every prompt and response in approved AI tools.

Harrison echoes that approach, noting that Bamko focuses on the security controls that matter most in practice: Outbound DLP and content inspection to prevent sensitive data from leaving; OAuth governance to keep third-party permissions to least privilege; and access limits that restrict uploads of confidential data to only approved AI connectors within its productivity suite.

In addition, the company treats broad permissions, such as read and write access to documents or email, as high-risk and requires explicit approval, while narrow, read-only permissions can move faster, Harrison adds.

“The goal is to allow safe day-to-day creativity while reducing the chance of a single click granting an AI tool more power than intended,” he says.

Taylor adds that security must be consistent across environments. “Encrypt all sensitive data at rest, in use, and in motion, employ least-privilege and zero-trust policies for data access permissions, and ensure DLP systems can scan for, tag, and protect sensitive data.”

He notes that companies should ensure these controls work the same on desktop, mobile, and web, and keep checking and updating them as new situations come up.

4. Clearly define and communicate risk tolerance

Defining risk tolerance is as much about communication as it is about control. Fisher advises CIOs to tie risk tolerance to data classification instead of opinion. His team uses a simple color-coded system: green for low-risk activities, such as marketing content; yellow for internal documents that must use approved tools; and red for customer or financial data that can’t be used with AI systems.

“Risk tolerance should be grounded in business value and regulatory obligation,” says Morris. Like Fisher, Morris recommends classifying AI use into clear categories, what’s permitted, what needs approval, and what’s prohibited, and communicating that framework through leadership briefings, onboarding, and internal portals.

Patria says Babson’s AI Governance Committee plays a key role in this process. “When potential risks emerge, we bring them to the committee for discussion and collaboratively develop mitigation strategies,” she says. “In some cases, we’ve decided to block tools for staff but permit them for classroom use. That balance helps manage risk without stifling innovation.”

5. Foster transparency and a culture of trust

Transparency is the key to managing shadow AI well. Employees need to know what’s being monitored and why.

“Transparency means employees always know what’s allowed, what’s being monitored, and why,” Fisher says. “Publish your governance approach on the company intranet and include real examples of both good and risky AI use. It’s not about catching people. You’re building confidence that utilizing AI is safe and fair.”

Taylor recommends publishing a list of officially sanctioned AI offerings and keeping it updated. “Be clear about the roadmap for delivering capabilities that aren’t yet available,” he says, and provide a process to request exceptions or new tools. That openness shows governance exists to support innovation, not hinder it.

Patria says in addition to technical controls and clear policies, establishing dedicated governance groups, like the AI Governance Committee, can greatly enhance an organization’s ability to manage shadow AI risks.

“When potential risks emerge, such as concerns about tools like DeepSeek and Fireflies.AI, we collaboratively develop mitigation strategies,” she says.

This governance group not only looks at and handles risks, but explains its decisions and the reasons behind them, helping create transparency and shared responsibility, Patria adds.

Morris agrees. “Transparency means there are no surprises. Employees should know which AI tools are approved, how decisions are made, and where to go with questions or new ideas,” he says.

6. Build continuous, role-based AI training

Training is one of the most effective ways to prevent accidental misuse of AI tools. The key is be succinct, relevant, and recurring.

“Keep training short, visual, and role-specific,” says Fisher. “Avoid long slide decks and use stories, quick demos, and clear examples instead.”

Patria says Babson integrates AI risk awareness into annual information security training, and sends periodic newsletters about new tools and emerging risks.

“Routine training sessions are offered to ensure employees understand approved AI tools and emerging risks, while departmental AI champions are encouraged to facilitate dialogue and share practical experiences, highlighting both the benefits and potential pitfalls of AI adoption,” she adds.

Taylor recommends embedding training in-browser, so employees learn best practices directly in the tools they’re using. “Cutting and pasting into a web browser or dragging and dropping a presentation seems innocuous until your sensitive data has left your ecosystem,” he says.

Gill notes that training should connect responsible use with performance outcomes.

“Employees need to understand that compliance and productivity work together,” he says. “Approved tools deliver faster results, better data accuracy, and fewer security incidents compared with shadow AI. Role-based, ongoing training can demonstrate how guardrails and governance protect both data and efficiency, ensuring that AI accelerates workflows rather than creating risk.”

Responsible AI use is good business

Ultimately, managing shadow AI isn’t just about reducing risk, it’s about supporting responsible innovation. CIOs who focus on trust, communication, and transparency can turn a potential problem into a competitive advantage.

“People generally don’t try and buck the system when the system is giving them what they’re looking for, especially when there’s more friction for the user in taking the shadow AI approach,” says Taylor.

Morris concurs. “The goal isn’t to scare people but to make them think before they act,” he says. “If they know the approved path is easy and safe, they’ll take it.”

That’s the future CIOs should work toward: a place where people can innovate safely, feel trusted to experiment, and keep data protected because responsible AI use isn’t just compliance, it’s good business.

요점은 다음과 같다.

• 새로운 관리자는 무리한 행동에 나서기보다 직원 참여를 통해 변화를 추진해야 한다.
• 조직 내 조화를 지나치게 중시하는 리더는 대체로 갈등을 회피하는 경향이 있어 문제 대응이 늦어질 때가 많다.
• 목표를 달성하려면 관리자는 적절한 권한 위임을 통해 시간을 확보할 수 있어야 한다.

승진을 통해 리더가 된 것은 분명 의미 있는 성취다. 이제 눈앞에는 흥미롭고도 배움 많은 시기가 펼쳐지며, 동시에 곳곳에는 시행착오와 위험 요소가 도사리고 있다. 하지만 많은 신임 리더와 관리자가 저지르는 다음 8가지 실수를 미리 이해한다면, 걸림돌을 충분히 예측하고 피할 수 있다.

취임 인사의 중요성을 과소평가한다

기존 구성원과 이미 함께 일해왔든 완전히 새로운 환경에서 리더 역할을 맡게 됐든, 직원들은 새 상사를 빨리 만나고 싶어 한다. 부임 후 이틀 또는 사흘째 되는 날 팀을 초대해 간단한 환영 자리를 마련하고, 공식적으로 자신을 소개하는 것이 좋다. 짧은 인사말에는 자신의 경력과 업무 경험을 간단히 소개하고, 리더십 스타일과 가치관, 초기 목표에 대한 윤곽을 제시해야 한다. 직원 면담 일정과 현장 방문, 킥오프 미팅 계획 등 초기 운영 방향에 대한 구체적인 정보도 함께 전달하는 편이 바람직하다.

주의할 점도 있다. “튼튼한 토대를 위한 최고의 전제 조건은 견고한 기반이다” 같은 공허한 문구는 새로운 역할에서 좋은 출발을 망칠 뿐이다. 이는 독일 연방의회에서도 실제로 사용된 표현인데, 의미 없는 수사, 지나치게 긴 자기소개, 전임자에 대한 평가나 기존 방식에 대한 비판은 신뢰를 얻는 데 전혀 도움이 되지 않는다.

부임 초기 100일 동안 모든 것을 뒤집는다

새로운 관리자가 오면 조직은 당연하게도 변화를 기대한다. 이런 분위기 속에서 신임 관리자는 과도한 활동에 몰두하며 자신의 존재감을 입증하려는 경향을 보인다. 그러나 이런 모습은 팀을 이끌며 방향을 잡기보다, 스스로의 위치와 성과에만 지나치게 집중하는 사람처럼 비칠 수 있다.

초기 몇 주는 직원 면담과 업무 현장 방문에 집중하는 편이 훨씬 효과적이다. 이를 통해 구성원이 기대하는 바, 맡고 있는 업무, 협업 방식, 내부 프로세스, 잠재적 문제 지점 등을 전체적으로 파악할 수 있기 때문이다. 평가와 이해가 충분히 이뤄진 뒤에야, 직원 참여를 통한 변화가 비로소 의미 있게 추진될 수 있다.

직원에게 휘둘린다

문제가 생기면 직원은 대체로 상사의 도움을 기대한다. 상부의 압박이든, 외부 이해관계자와의 갈등이든, 팀 내부의 문제이든 마찬가지다. 새 관리자가 부임하면 직원들은 그동안 해결되지 않았던 불만이나 미해결 사안을 풀어달라며 새로운 상사를 적극적으로 끌어들이려 한다. 대외적으로 대신 목소리를 내주길 기대하는 것이다.

그러나 이때 주의가 필요하다. 이런 상황에서는 직원 개인의 주관적 판단만 전달되는 경우가 많다. 따라서 성급한 약속이나 즉흥적 결정을 피하고, 우선 현재 상황과 책임 구조를 충분히 이해하는 것이 중요하다.

특정 직원과 과도하게 가까워진다

동료 간 우호적인 분위기는 업무 만족도를 높이고, 근무 외 시간에 나누는 대화 역시 긍정적인 조직 문화를 만드는 데 도움이 된다. 그러나 특정 직원과 개인적 친분이 깊어지면, 이 관계가 업무에 어떤 영향을 미칠지 점검해야 한다. 특히 중요한 의사결정이나 갈등 상황에서 공정성을 유지할 수 있는지, 다른 직원·동료·상사는 이를 어떻게 받아들일지 자문할 필요가 있다. 리더와 직원 모두를 보호하기 위해서는 적절한 거리감을 유지하는 것이 바람직하다.

항상 옳다고 주장하고 실수를 인정하지 않는다

실수를 인정하거나 직원의 비판을 받아들이는 것은 종종 약점을 드러내는 행동이라고 해석되곤 한다. 하지만 실제로는 정반대다. 정당한 비판에 열린 태도를 보이고, 필요하다면 결정을 바로잡으려는 자세야말로 진정한 리더십 역량을 보여준다. 이러한 태도는 리더의 신뢰도를 높이고 구성원에게 모범을 제시한다. 스스로 실천하지 못하는 것을 직원에게 요구할 수는 없다.

갈등을 피하려 한다

조직 내 조화를 중시하는 리더는 대개 갈등을 회피하는 성향을 보인다. 문제가 저절로 해결되길 바라는 마음에 상황이 악화될 때까지 대응을 미루는 경우도 흔하다. 직원의 부적절한 행동이든, 팀 내 갈등이든, 리더는 초기에 기대치를 명확히 전달하고, 지속적으로 건설적인 피드백을 제공하며, 필요할 때 즉시 방향을 조정해야 한다. 대응이 늦어지면 피로감이 커지고 오해가 쌓인다. 명확성은 리더십의 핵심 성공 요인이며, 친절함과 양립할 수 없는 가치가 아니다.

항상 문을 열어둬야 한다고 생각한다

상사가 직원의 요구사항에 관심을 갖고 있다는 인상을 주는 것은 중요하지만, “언제든 찾아오라”라는 말은 리더에게 치명적일 수 있다. 계획되지 않은 대화는 일의 흐름을 끊고, 진행 중인 중요한 업무를 방해하기 때문이다.

다시 말해, ‘중간중간’ 리더십을 발휘하려는 방식은 적절하지 않다. 사전에 시간을 정해 직원 상담을 위한 별도 시간을 확보해야 한다. 반대로 집중이 필요한 업무 시간에는 문을 닫는 것이 효율적이다. ‘열린 문’이라는 환상은 직원이 충분히 스스로 해결할 수 있는 문제까지 상사에게 의존하게 만드는 부정적 결과를 낳을 수 있다.

전문가를 능가하려 한다

모든 기술적 질문에 답하거나 모든 문제를 직접 해결해야 한다고 믿는 것은 큰 착각이다. 이는 각 분야의 전문성을 가진 직원의 역할이며, 관리자의 본래 임무는 리더십과 조직 운영에 있다. 이런 책임까지 스스로 떠안으려 하면 결국 핵심 업무에 집중하지 못하게 된다. 시간을 확보하고 목표를 효과적으로 달성하려면, 적절한 위임이 필수적이다.
dl-ciokorea@foundryco.com

Across enterprise deployments, the decisive variable isn’t only the specific LLM; it’s the infrastructure strategy as well —how organizations provision, govern, and scale GPU capacity. Projects stall not because teams lack ideas, but because we pick the wrong way to power them. We still treat GPUs like a procurement item when they are closer to an operating strategy. If your strategy is still forming—as it is for many sensible companies—the pragmatic default is to borrow first: Start by prototyping on GPU-as-a-Service—run multiple models on top of rented GPUs; validate ROI with live benchmarks before you decide what to build or buy.

Picture a Tuesday budget review. One team wants an on-prem cluster “so we’re not at the mercy of the cloud.” Another wants to keep everything with a hyperscaler because “we can’t wait twelve weeks.” Finance is staring at a graph that looks more like a mountain range than a plan. None of them are wrong. Owning capacity is compelling when you fine-tune frequently, need hard latency guarantees, or must keep data in a strict boundary. You control interconnects and schedulers, and unit costs look attractive—if utilization stays high. But racks and cards are the easy part. The less glamorous reality is drivers, firmware, cooling, observability, security, and an ops team that runs this like a product. Private clusters idling at “respectable” 35% are not cheap; they are expensive in time.

Buying from a managed platform is the opposite energy: idea on Monday, demo on Friday. You borrow the provider’s maturity—tooling, accelerators, global reach—and pay for that privilege. The risks are familiar: multi-tenant guardrails, the creep of lock-in if you don’t standardize interfaces, and egress that bites. But for many programs, speed is the difference between a pilot that ships and a pilot that fades into a wiki.

This is why I nudge uncertain teams toward borrowing—GPU-as-a-Service—first. Treat it as an option, not a crutch. It absorbs spikes, enables honest bake-offs across model families and hardware generations, and turns capital debates into measured operating experiments. After a few cycles, your own data starts to talk back: what you spend per 1,000 tokens, which workloads are spiky theatre and which are boring baseload, where latency really matters (as in users notice) and where it doesn’t. Only then decide what to own, what to reserve, and what to keep elastic.

All of this only works if the architecture is portable by design. Containerize training and inference. Use open interfaces—ONNX for models, KServe/KFServing for serving—and keep a neutral registry so versions don’t vanish into ticket threads. Keep data flows honest about gravity. Retrieval-augmented generation is a good test: embeddings and sources should live where latency and policy demand, not where a provider’s defaults land them. If shifting a workload from borrowed to reserved capacity requires a rewrite, you don’t have an architecture—you have a dependency with good intentions.

Governance can’t wait for “phase two.” Trust is not a slide; it is evaluation harnesses that run every day. Keep a small, boring set of tests—factuality, safety, toxicity, fairness—and run them across environments. Log prompts and decisions. Track lineage from data source to output so auditors, and your future self, can explain why a model said what it said. Apply the same discipline to money. Treat inference like a product with service levels for latency, availability, and cost per request. Then squeeze it: smaller specialist models where they fit; distillation and quantization where they don’t. In the real world, serving—not training—often dominates the bill.

If you want a straightforward way to start, admit uncertainty. Stand up GPU-as-a-Service and run two benchmark rounds: first across model families, then across hardware. Keep the scoring plain—end-to-end latency people feel, accuracy the business accepts, and a cost you can explain to finance without footnotes. Over a quarter, you’ll see a curve of “known work.” Move that steady baseload to owned or reserved capacity—whichever the math favors. Leave seasonality, experiments, migrations, and cross-generation tests on the borrowed tier. Push the lowest-latency inference to the edge where decisions actually happen—shops, plants, fleets—and keep the rest near your data lakes. Most important, operate with one fabric for observability and policy across all three modes so you’re not running three AI programs that merely share a name.

You’ll notice I haven’t said “never build” or “always buy.” The truth is less dramatic. Owning pays when utilization is real and sovereignty is non-negotiable. Buying pays when speed compounds and you need to move a portfolio of ideas across the finish line. Borrowing pays when you’re honest about not knowing the mix yet—and you want the learning to be cheap and fast. That isn’t fence-sitting; it’s how you stop arguing about ideology and start arguing about facts.

My bias is clear: if your strategy is still forming, start with GPU-as-a-Service. It buys time without buying regret and keeps options open while you learn your own economics. When you’re ready, land your baseload where it belongs—owned or reserved—and keep the rest elastic. Do that, and the conversation with your board shifts from “Can we trust this?” to “Where else can we apply it, and what’s the payback?” Compute stops being a bottleneck and starts behaving like what it really is in 2025: an instrument of strategy.

In today’s rapidly changing digital landscape, CEOs and CIOs are under constant pressure to do more with less, reduce costs, increase agility, and ensure technology investments directly enable business growth. One of the most effective ways to achieve these objectives is by optimizing your third-party IT services portfolio.

An optimized portfolio not only unlocks cost savings but also enhances flexibility, strengthens risk management, and fosters innovation by aligning IT delivery with broader strategic goals. Here are the top 10 benefits to such a strategy:

Cost efficiency

An optimized portfolio can help with cost reduction and better financial management of IT services spend. By outsourcing certain IT functions to specialized vendors, companies can often achieve cost savings compared to in-house solutions. CEOs are always focused on maximizing profits and reducing unnecessary expenses, making cost-efficient IT services a priority.

Optimizing a decentralized portfolio into a centralized model can reduce IT services spend by up to 30% in fees alone. Beyond direct savings, consolidation creates a stronger base of institutional knowledge around systems, culture, and talent, accelerating onboarding and ensuring continuity of delivery.

Concentrating spend among a select set of strategic partners also creates meaningful leverage. Expect sustainable volume discounts, provider-led investments in technology and COEs, andbest-in-class commercial terms. The result is a more cost-effective, stable, and performance-driven services ecosystem.

Focus on core business

Outsourcing non-core IT functions allows the organization to concentrate on primary business activities. This aligns with the strategic goals of the CEO, who wants the company to excel in its main areas of expertise.

Technology is advancing at its most aggressive pace in decades, and staying current requires time and specialized skills. By entrusting day-to-day IT operations to trusted providers, organizations can reallocate internal resources toward higher-value initiatives such as digital transformation, automation, and product innovation. This accelerates adoption of emerging technologies, and allows internal teams to deepen business expertise, strengthen cross-functional collaboration, and focus on driving growth where it matters most.

Scalability and flexibility

A well-structured third-party IT services portfolio can provide flexibility to scale up or down based on business needs. This is particularly valuable for CEOs who need to adapt to changing market conditions and seize growth opportunities.

Securing talent in the market today is challenging and time consuming, so tapping into the talent pools of your strategic IT services partner base allows organizations to leverage their bench strength to fill immediate needs for talent.

Highly optimized IT service provider portfolios benefit from the institutional knowledge partners obtain over multiple engagements to ensure onboarded resources are the right fit for the organization’s culture. Provider partners often tap resources to fill needs that have worked in some capacity for the organization on prior engagements, allowing resources to hit the ground running by having experience in the environment, with people, and processes.

Innovation and expertise

Outsourcing IT services can grant access to specialized expertise and innovative technologies that the organization might not possess in-house. CEOs are often interested in staying ahead of the curve and leveraging the latest advancements to drive competitive advantage. They also increasingly look to IT service provider expertise in IT security solutions, as well as in advancements and innovation by leveraging AI.

IT service providers continuously invest in advanced tech and talent development, enabling clients to benefit from cutting-edge innovations without bearing the full cost of adoption. As AI, automation, and cybersecurity evolve, providers offer the subject matter expertise and tools organizations need to stay ahead of disruption.

By tapping into this ecosystem, businesses can improve stability, enhance operational efficiency, and accelerate transformation, positioning IT as a true driver of competitive differentiation.

Risk management

CIOs and CEOs share a concern for managing and mitigating risks. By partnering with reliable and experienced third-party IT service providers, organizations can offload some risks associated with technology management, cybersecurity, compliance, and regulatory issues.

The largest risks reside within the security of an organization’s data, its platforms, and applications. Providers like Accenture, Wipro, and TCS have built strong security services platforms that allow organizations to leverage the depth and breadth of partner resources to keep up with technology advances.

Focus on strategy

With operational stability ensured through a balance of internal talent and trusted third parties, CIOs can dedicate more focus to long-term strategic initiatives that fuel growth and innovation. As technology evolves, shifts in spend across your provider landscape can reveal new leverage opportunities, whether through volume consolidation, strategic renewals, or rebalanced sourcing models.

A well-optimized portfolio gives CIOs the visibility and flexibility to adjust quickly, align investments with business priorities, and continually extract greater value from every provider relationship.

Agility and time to market

Third-party IT services can accelerate project timelines and improve time to market for new products or services. This aligns with CEO desires to be agile and responsive to market demands. 

An optimized IT services portfolio enables organizations to tap into providers with proven delivery methodologies, agile frameworks, and global delivery centers that operate around the clock. This delivery model shortens development cycles, enhances responsiveness, and ensures critical initiatives move from concept to deployment faster. When providers are strategically aligned to your business priorities, they proactively identify opportunities to streamline workflows and eliminate bottlenecks, turning IT into an enabler of innovation rather than a constraint on progress.

Resource allocation

CEOs and CIOs can allocate internal resources more effectively by leveraging external expertise. This can lead to better resource allocation, improved efficiency, and enhanced overall performance.

Optimized portfolios ensure that resources, both internal and external, are strategically aligned with enterprise goals. By clearly defining roles and responsibilities across your IT ecosystem, internal teams can focus on initiatives that differentiate the business while third-party providers manage standardized or commodity functions. This balance creates organizational clarity, eliminates duplication of effort, and enhances operational efficiency.

Over time, this structure supports workforce planning and succession development, allowing organizations to invest in the right internal skillsets for long-term strategic growth.

Competitive edge

A well-managed third-party IT services portfolio can provide an edge by allowing organizations to leverage external partner expertise and resources to outpace competitors. Organizations that view their IT service providers not merely as vendors, but as strategic extensions of their teams usually have an upper hand.

Through continuous engagement, co-innovation, and shared investment models, organizations can pilot emerging technologies faster than peers and bring differentiated offerings to market. Providers with deep domain expertise often introduce industry best practices and benchmark insights that inform strategic decision-making. When these partnerships are managed proactively and built on mutual value, the result is a sustained competitive advantage rooted in speed, innovation, and operational excellence.

Business continuity

Outsourcing certain IT functions can contribute to business continuity planning by having redundancy and backup systems in place through third-party providers. Optimized third-party portfolios enhance resilience by ensuring redundancy across critical infrastructure, applications, and operations.

Leading IT service providers invest heavily in high-availability architectures, disaster recovery capabilities, and geographically diverse data centers, all of which strengthen your organization’s continuity posture. A diversified yet coordinated provider ecosystem ensures rapid recovery in the event of outages, cyber incidents, or natural disasters.

Overall, an optimized third-party IT services portfolio can contribute significantly to achieving the strategic objectives of CEOs and CIOs, including cost savings, efficiency improvements, innovation, risk management, and competitive advantage. However, it’s important to carefully select and manage third-party vendors to ensure they align with the organization’s goals. Otherwise, significant value and cost savings could be left on the table.

“Scale” is often mistaken for success — a signal that something works. But in practice, growth stresses not just the roadmap, but the architecture, the data layer, the incident response system and the team’s ability to operate under load. SLAs, SLOs and latency budgets that felt “good enough” at early stages begin to collapse under new concurrency and traffic patterns. I’ve seen healthy metrics mask brittle systems — until one feature launch brings everything crashing down.

• Scaling too early — without aligned metrics and operational resilience — remains a top reason for product failure.
• Metrics are only meaningful when rooted in your specific context, not borrowed benchmarks.
• Engineering readiness (DORA, error budgets, SLOs) must evolve alongside product growth or risk failure under load.

Over the past decade, I’ve watched promising teams burn out chasing vanity metrics and products buckle from premature scale. In fact, 70% of startups fail because they try to grow before the product and platform are truly ready. The real challenge isn’t how to grow faster — it’s how to grow without collapsing the system. That requires alignment across metrics, product maturity and engineering resilience.

One of the earliest lessons I learned: Metrics aren’t trophies — they’re mirrors. Chasing a single number, like monthly active users, once gave us impressive charts but a weak business. We were scaling vanity, not value. Today, instead of generic KPIs, I focus on 4–6 product-specific indicators — signup conversion rate, CAC, DAU-to-MAU ratio, first key action rate, retention in specific action — that reflect how value actually moves through the system. Metrics should guide awareness, not just validate success. As Goodhart’s Law reminds us: Once a measure becomes a target, it stops being a good measure.

People start gaming the number or optimizing for it at the expense of true outcomes. A notorious example was Wells Fargo’s sales scandal — management fixated on a metric (number of accounts per customer) and set such aggressive targets that employees began opening millions of fake accounts just to hit the goal. The metric looked great on paper, but it destroyed customer trust and led to billions in fines. The lesson: Don’t let any single metric become a false idol. Define success in a more balanced way that reflects real value creation for your product and users.

Benchmarks as guardrails

Benchmarks are useful — but only when treated as reference points, not commandments. They help spot when something’s off (say, an unusually low conversion rate), but they’re not meant to define what success should look like for your product. Early on, I made the mistake of comparing our “chapter two” to someone else’s “chapter ten.” I’d see another SaaS boasting 50% Day-1 retention and panic that we were underperforming at 30%, without factoring in that we were solving a different problem, at a different stage, with a different user base.

That’s how teams end up racing in a lane that isn’t theirs. Every product exists in its own context — timing, budget, team maturity, market complexity. Benchmarks can inform, but they should never dictate. Treating them as gospel can create a dangerous illusion of objectivity — leading you to ignore your actual constraints or chase metrics that were never yours to begin with.

In practice, I use benchmarks the way I use weather forecasts: They tell me what kind of conditions to expect, but they don’t determine the route. The real job is understanding which metrics actually reflect value for your product — and then tuning the rest of the system around that.

Operational readiness

No matter how promising the metrics look, scaling a product without engineering readiness is like building on soft ground. Growth puts operational systems under pressure — deployment pipelines, observability tools, latency budgets and release cadences all get stress-tested in real time.  That’s why we treat DORA metrics (like deployment frequency and change failure rate) as early indicators of scaling capacity, not just engineering KPIs.

Before dialing up growth loops, we ask: Are our incident response processes resilient? Do we have error budgets in place, and are they respected? Are performance regressions visible early enough to prevent customer pain?

Scaling isn’t just about acquiring more users — it’s about handling them without breaking trust or stability. Tech debt may not block your next release, but it will compound under pressure. In that sense, infrastructure and platform health are product decisions — because they shape how fast and safely you can move when growth actually arrives.

But metrics don’t just fail at scale because of bad infrastructure — they fail because of how we interpret them.

Metric hygiene

Before any big “results review” meeting or growth update, my team knows I’ll be declaring a data hygiene day. It’s not glamorous, but it’s essential. We verify that key events are tracked correctly, naming is consistent and funnels reflect actual user flows. This habit formed after we celebrated a spike in onboarding — only to later discover it was caused by a faulty event firing too early. That incident taught me the cost of bad data: It creates fake confidence and misleads decision-making. Bad data creates fake confidence – and fake confidence is the most expensive bug of all.

I now treat metric hygiene as seriously as fixing a critical software bug. This isn’t just my eccentricity; it’s borne out by broader evidence. Surveys indicate that 58% of business leaders claim key decisions are often based on inaccurate or inconsistent data. Imagine that – more than half of companies may be betting on wrong numbers, or at least shaky. In the long run, the cost of poor data quality is substantial: A Gartner study reveals that poor data quality costs organizations an average of $15 million annually. Clean metrics are not just technical hygiene — they’re a form of risk management. Before celebrating progress, make sure your measurement system isn’t lying.

Beware of proxy metrics, the ‘blind spots’ of growth

Not every growing number means you’re winning. In fact, some metrics can grow impressively while masking stagnation or decline in actual value. I call these proxy metrics (or sometimes “blind metrics”). They’re the numbers that give an illusion of success while your core value proposition languishes. Classic examples: App downloads can be skyrocketing, but active usage could be flat. Or page views on your site might be high (perhaps due to clickbait marketing) while conversion to paying customers remains low. We often become metric-blind in these cases: We see the graph going up, but don’t question what it really means.

To stay grounded, I organize metrics in a simple hierarchy — a metric pyramid of sorts. At the base are operational metrics (the day-to-day numbers you can directly control or influence: e.g., number of sales calls made, bugs resolved or marketing spend). In the middle are behavioral or product metrics (these show user behavior and engagement: e.g., daily active users, time spent, feature adoption rates — they result from your operations but aren’t solely under your control).

At the top are outcome metrics, which capture the ultimate goals or the “Why” — often things like revenue, customer retention rate or customer satisfaction that reflect delivered value. This pyramid ensures we connect the tactical metrics to strategic outcomes. It’s similar to the North Star framework many teams use, where a single top-level metric is supported by a few key drivers, and beneath those are a plethora of granular metrics. In fact, product management guides suggest using a metrics pyramid for clarity: At the top you have a North Star outcome, in the middle, the metrics tied to actions you’re taking to influence that outcome, and at the bottom, the finer data points that help troubleshoot and inform decisions.

When I see a metric like “monthly sessions” rising, I force myself to ask: Is this an outcome or just an output? More sessions could mean success if it correlates to the outcome (say, higher revenue or better retention), but it could also be a proxy metric — perhaps users are opening the app more frequently because of a UI change, but not actually getting more value. By structuring our thinking in a pyramid, we remind ourselves that an uptick at the bottom doesn’t guarantee movement at the top.

The myth of ‘product-market fit’

In startup lore, few concepts are more celebrated than product-market fit (PMF) — that magical moment when everything clicks: Users love the product, growth surges and you feel like you’ve “made it.” But I’ve grown skeptical of framing PMF as a one-time epiphany. In reality, fit is a moving target — a continuous process, not a milestone. Early traction doesn’t guarantee long-term alignment. Customer needs shift, competitors respond and what fit yesterday might not work tomorrow. That’s why I treat PMF as ongoing calibration, not a finish line.

So instead of chasing a mythical moment, I pay attention to trends and trajectories. Rather than declaring “we have PMF,” I ask: How well are we still solving a real problem for real people — and are we doing it better than alternatives? Teams that endure don’t just find fit once — they continuously refine it.

In fast-paced product cycles, it’s easy to jump from one project to the next without pausing. But I’ve made it a ritual that after every major release or growth experiment, we hold a reflection session. In that session, we ask three questions:

1. Did we measure the right things?
2. Which metrics truly gave us clarity, and which ended up misleading or blinding us?
3. Which of our growth assumptions were proven wrong by reality?

I’ve noticed that teams who embrace this reflective practice become much more data-savvy over time. The metrics then stop being a scorecard or cudgel, and become a flashlight — something that illuminates the path forward.

Final thoughts

If there’s one theme that ties all these lessons together, it’s the importance of consciousness in growth. Frameworks and tactics — North Star metrics, growth loops, viral coefficients, OKRs — all of these are useful tools, but only if wielded with self-awareness and context. I often tell myself and my team: When the numbers say one thing and your context (your intuition, user research, market signals) says another, trust the context.

Growth is an outcome, not a strategy. If I could send advice to my younger self, it would be: Don’t chase the trendline, chase understanding. Ironically, when you truly understand your users and your value, growth tends to follow naturally — and it will be healthier and more sustainable.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

Neurodiversity in the workforce can bring new perspectives, fresh ideas, and has the potential to make teams 30% more productive, according to research from Deloitte. Neurodivergent professionals often demonstrate strengths in areas such as creativity, systems thinking, and the ability to hyperfocus on areas of interest.

However, those strengths also come with increased challenges around sensory overload and navigating unstructured social and professional interactions. But with the right accommodations implemented, IT leaders stand to benefit from increased diversity of thought and perspective when hiring neurodivergent tech professionals.

Enteprise technology vendor Pure Storage is one company that has worked to build a more inclusive environment for neurodiverse tech workers. Paolo Juvara, chief digital transformation officer and executive sponsor for the company’s ABLE employee resource group, says the company recognized, based on “general population statistics,” that there is likely to be a high percentage of neurodiverse employees in its organization. As a result, Pure Storage set about fostering an inclusive environment where neurodiverse employees can thrive.   

“Better understanding this population is key to serving them well. For that reason, we encourage employees to disclose their diagnosis, but we are aware that this is a very sensitive topic, and we do not want to create any sort of pressure around it,” Juvara says.

Creating a culture for disclosure

Receiving a diagnosis of neurodivergence can be a significant moment for any individual, often “providing a sense of validation and self-understanding,” according to the Promoting Neurodiversity report from the Association of Project Management. But disclosing that diagnosis at work is a nuanced and complex decision, with “potential risks, particularly for those in junior roles.”

In addition to fears of discrimination or misunderstanding, neurodivergent professionals can also be concerned that any work-related issues will be drawn back to their individual diagnosis. Because of this, employees need a sense of security around disclosing a diagnosis. Examples of how doing so will benefit their careers and professional life, rather than work against them, can help.

Employees who don’t feel comfortable disclosing neurodivergent conditions often find themselves “grappling with escalating levels of stress and frustration,” according to Change The Face’s Neurodiversity in the Tech Sector report. On the employer’s side, this discomfort can turn into “diminished engagement and productivity.”  Only 43% of neurodivergent respondents say they had disclosed their diagnosis to their employer, with 57% saying they did not disclose.

Reasons for not disclosing include feeling that the potential outcomes of disclosure are not worth the risk (53%), concerns about stigma (27%), and fears of career impact (24%). Only 9% of neurodivergent employees said they seek adjustments — and of those who did seek accommodations, 56% said they received what they asked for, while 29% said they received partial accommodations. Reasons cited for not seeking accommodations include concerns about perception (32%) and uncertainty about needed adjustments (29%).

At Pure Storge, cultivating an environment that welcomes disclosure of neurodivergent diagnosis has helped many employees to come forward to share their disabilities. Štěpán Hladík, a technical sourcer in R&D recruiting, has disclosed his neurodivergence at work, noting he feels “truly privileged to have been around colleagues who are willing to understand or actively try to learn about biases that impact all of us.”

While that’s been his experience at Pure Storage, Hladík notes that he’s had previous experiences at other companies that left him feeling misunderstood or frustrated.

“The structure [at Pure Storage] helps me quite a bit,” says Hladík, who works closely with his team to identify accommodations. He has also brought his perspective to the company’s hiring process to help ensure the company better accommodates neurodivergent candidates and reduces bias.

Implementing accommodations and formal policies

Neurodivergent professionals are skilled at managing their disabilities through self-initiated coping strategies, whether that’s through therapy or interpersonal networks. But it’s still critical for organizations to implement formal organizational support and policies to help reduce stress on neurodivergent employees.

Neurodivergent employees have an increased need for clear and structured communication, such as creating predictability around meetings and communication. This can help improve engagement and reduce stress or anxiety for neurodivergent workers. It’s also important to be consistent in maintaining these policies, so that they’re respected across the organization and become part of the organization’s core business practices.

Juvara says Pure Storage partnered with Auticon, an IT consulting business that employs and supports adults on the autism spectrum in IT and tech, to assess the company’s environment, policies, and processes to ensure they are welcoming and inclusive. Through this partnership with Auticon, Pure Storage was able to implement new accommodations and training programs for managers, with a focus on how to nurture neurodivergent talent. As initiatives grow, the company continues to identify other benefits and accommodations it can offer to support neurodiversity.

“A lot of accommodations are very easy to make — it’s all about balance,” says Juvara.

In one instance, he says the organization was planning the company kick-off, including a “big stage and flashing lights, intended to amplify the buzz and excitement.” However, a few employees approached him to express concerns about it being an “overwhelming sensory experience,” so the company decided to establish “quiet overflow rooms, where people can go to participate without the sensory overload,” he says.

Considering this accommodation was well-received, Pure Storage extended it to the workplace, establishing “designated quiet areas, where the team can go and there’s no chit-chat or other distractions,” Juvara says, noting that this accommodation has been received positively by both neurotypical and neurodivergent employees — boosting morale across the board.

In addition to implementing quiet rooms and designated quiet areas, Juvara says they are “continuously incorporating feedback into ongoing office design,” identifying opportunities for accommodations and proper ergonomics across all Pure Storage offices. Incorporating this feedback into the design has been “infinitely more effective than trying to force fit accommodations in after the fact,” he says.

Building awareness through training

It’s important to remember that not all neurodivergent professionals are the same — some will need accommodations that others don’t, and vice versa. For example, in the report from Change the Face, when asked about remote work, one in two neurodivergent employees reported “feeling overwhelmed by distractions in the office on a regular basis,” while others “expressed a preference for the office environment due to the stimulation it provides when working alongside colleagues, as opposed to working remotely from home.”

Although determining the right accommodations for your workforce may be challenging, the need to do so is vital. Just 6% of neurodivergent professions said they never felt impacted by their condition(s), while 46% said they are affected nearly every day, according to the Change the Face report. Additionally, 68% of those affected daily by their condition reported fair or worse mental health. For context, 78% of neurotypical employees described their mental health as “good or very good,” while only 48% of neurodivergent employees said the same.

In addition to taking stock of their corporate culture and committing to making accommodations, organizations should also provide training opportunities to educate employees, especially leaders and managers, about neurodivergence and how to better support colleagues that have disabilities.

“I was initially very skeptical about some of our ABLE ERG program offerings as I couldn’t find anything in it that I didn’t already know from my own experiences,” says Hladík. “But I realized the benefit for others, especially people managers, who are looking to educate themselves. While I’m very familiar with my neurodiversity, training platforms can be very helpful to others.”

Employers will find that neurodiverse employees are skilled at managing their own disabilities — it’s how they got to where they are in their careers. But education and awareness can go a long way in helping to alleviate some of the added burden of managing neurodiverse conditions in the workforce. And companies will find that oftentimes these accommodations have positive impacts for everyone in the organization, not just those with disabilities.  

“Neurodivergence is an invisible condition and one of the things that I observed is that often this community feels unseen — creating awareness is critical to create an inclusive environment,” Juvara says.

See also:

• 7 ways to help your neurodiverse team deliver its best work
• Why neurodivergent perspectives are essential in AI development
• Regeneron and auticon open doors for autistic IT professionals

현재 높은 수요를 보이는 대표적인 역량에는 핀옵스(FinOps)가 있다.

기업은 AI 도입이 클라우드 비용을 급격히 증가시킬 수 있다는 우려를 갖고 있다. 따라서 클라우드 환경을 재정적으로 효율적으로 운영할 능력을 갖춘 IT 인재가 최근 높은 관심을 받고 있다.

하지만 IT 채용·아웃소싱 서비스 기업 하비 내쉬(Harvey Nash)의 CIO 앙쿠르 아난드는 AI와 자동화가 핀옵스 업무를 더 안정적으로 수행하는 수준에 빠르게 도달 중인 만큼, 해당 역량이 향후 1~2년 뒤에도 지금만큼 각광받을지 의문이라고 지적했다.

아난드는 역량 수요가 빠르게 상승했다가 곧바로 하락하는 현상이 핀옵스만의 문제가 아니라, 오늘날 다양한 IT 역량 전반에서 나타나는 흐름이라고 설명했다.

그는 “1970~80년대만 해도 IT 역량의 수명은 10년 이상이었다. 지금은 2년도 되지 않는 경우가 많다”라고 말했다.

아난드의 주장은 예외적인 관점이 아니다. 세계경제포럼(WEF)을 비롯한 여러 글로벌 분석기관은 과거 수십 년 동안 유지되던 직무 역량의 ‘반감기(half-life)’가 이제 약 7년 수준으로 줄어들었다고 봤다. 2023년 IBM 조사에서도 경영진은 향후 3년 동안 AI와 자동화 도입의 영향으로 전체 직원의 약 40%가 재교육을 받아야 할 것으로 예상했다. 또한 2025년 WEF 보고서는 2025년부터 2030년 사이 기존 역량의 약 39%가 변화하거나 더 이상 유효하지 않게 될 것이라고 전망했다.

IT 분야에서는 이러한 변화가 더 극적으로 나타나고 있다. 연구자들은 최근 주목받는 IT 역량이 불과 2년, 혹은 몇 달 만에 구식이 될 수 있다고 분석했다.

이런 변화는 IT 조직 전반에 상당한 압박을 주고 있다. 아난드는 “기술 발전 속도가 기술 인재의 역량 개발 속도보다 빠르다”라고 언급했다.

IT 기술 시장의 급격한 변화는 개인의 경력 계획만 흔드는 것이 아니다. IT 기능 전체와 조직 운영 방식 전반에도 영향을 미치고 있으며, 이로 인해 CIO와 HR 리더, 경영진은 직원이 빠르게 재학습하고 발전할 수 있는 환경을 만들 전략을 고민해야 하는 상황이다.

인포테크 리서치 그룹(Info-Tech Research Group) CIO 실무 연구 책임자인 헤더 라이어-머리는 “IT 분야는 거의 18개월마다 변화를 겪고, 이에 따라 필요한 역량도 달라진다. 기존 역량이 완전히 사라진다는 의미는 아니지만, 이는 IT 인재가 얼마나 유연하게 움직일 수 있어야 하는지를 보여준다”라고 말했다.

관련성 높은 IT 역량의 변화

인포테크 리서치 그룹은 ‘IT 인재 트렌드 2025’ 보고서에서, “기술 관점에서 기능적 역량은 평균 2.5년마다 구식이 된다”라고 분석했다. 보고서는 또한 “성숙한 조직일수록 전반적인 역량을 변경해야 한다는 필요성을 인식할 가능성이 높으며, 이러한 조직은 AI·ML 역량을 핵심 역량으로 볼 가능성이 2.5배나 높았다. 이들 조직은 미래의 요구와 목표를 충족할 준비가 가장 잘 되어 있을 것”이라고 진단했다.

또한 인포테크는 보고서 조사에 참여한 IT 전문가의 95%가 2030년까지 적어도 일부 역량에 변화가 필요하다고 답했다. 응답자의 28%는 대부분의 역량이 바뀌어야 한다고 했으며, 17%는 모든 역량이 변화해야 한다고 판단했다.

IT 교육·자격 인증 기관 컴티아(CompTIA)의 최고 기술 에반젤리스트인 제임스 스탱어는 수십 년에 걸쳐 가속된 기술 혁신 속도가 IT 역량의 빠른 교체 주기를 주도하는 핵심 요인이라고 설명했다.

스탱어는 “예를 들어 헬스케어 분야에서 클라우드 전용 솔루션을 개발하는 전문가들의 경우, 주요 벤더 도구가 평균 한 달 주기로 바뀌는 상황을 목격하고 있다”라고 말했다.

IT 리더들은 어떤 IT 역량이 필요해지고, 어떤 역량이 낡아지는지를 결정하는 데 AI와 자동화가 큰 영향을 미친다고 봤다. 1~2년 전만 해도 숙련된 인재가 직접 수행하던 반복 업무 상당수가 이제 AI와 자동화에 의해 처리되고 있다. 앞으로는 더 많은 전문적 업무까지 자동화되면서, 요구되는 IT 역량의 유형은 더욱 빠르게 변화하고 불필요해지는 역량도 늘어날 전망이다.

서비스나우(ServiceNow)의 최고 디지털정보 책임자 켈리 로맥은 “과거에는 수작업 기반 서비스 데스크 운영, 인프라 관리, ERP 심층 설정 등이 3~6년 뒤까지도 안정적으로 유지될 핵심 역량이었다. 하지만 자동화와 AI가 워낙 빠르게 발전하면서, 이런 역량은 앞으로 1~3년 정도만 의미를 갖고 그 이후에는 완전히 재편될 수 있다”라고 진단했다.

유연하고 민첩하며 적응력 있는 인재 필요

로맥을 포함한 IT 리더들은 IT 직무 자체가 사라지는 것이 아니라고 강조했다. 개발자, 엔지니어, 아키텍트, 보안 전문가 등은 앞으로도 지속적으로 필요할 전망이다. 다만 이들이 일상 업무에서 활용하는 기능의 변화 속도가 어느 때보다 빨라졌다는 점이 문제라는 지적이다.

일부 CIO와 IT 자문가는 역량의 수명이 짧아지는 현상이 모든 조직에 동일하게 나타나는 것도 아니라고 설명했다. 여전히 기존 기술을 운영하는 기업에서는 특정 역량이 오래 유지되는 경우도 있기 때문이다.

테크 전문 채용 플랫폼 다이스(Dice)의 ‘2025 기술 연봉 보고서’는 이 같은 이중적 현실을 보여준다. 보고서에 따르면 최근 가장 빠르게 연봉이 상승한 역량은 AI, 데이터, 클라우드 엔지니어링이었지만, 여기에는 수십 년 전 처음 등장한 기술도 포함됐다. 그 중에서 자연어 처리(NLP)와 문서 데이터베이스는 각각 1위와 2위를 차지했고, 코볼(COBOL)은 7위, 루비(Ruby)는 10위에 올랐다.

IT 리더들은 오늘날 각광받는 역량 중 어떤 것이 루비(1993년 개발)나 코볼(1959년 개발)처럼 장기적인 생명력을 가질지 예측할 수 없다고 진단했다. 기술 발전과 혁신 속도로 인해 몇 달 만에 사라질 역량이 무엇인지도 단정할 수 없다는 것이다.

대신 IT 리더들은 세계경제포럼(WEF)이 ‘역량 불안정성’이라고 부르는 환경 속에서 어떻게 적응하고 성장할지 학습해야 한다고 조언했다.

컴티아의 스탱어는 과거처럼 IT 인재가 파이썬 프로그래밍 언어와 같은 특정 역량 하나만으로 장기적인 경력을 보장받던 시대는 지났다고 지적했다. 그는 “어떤 역량은 매우 빠르게 부상했다가 또 빠르게 사라진다. 따라서 이제는 새로운 역량을 얼마나 신속하게 습득할 수 있는지가 기준이 돼야 한다”라고 말했다.

라이어-머리는 CIO가 직원들이 역량을 개발할 수 있도록 시간을 확보해 주고, 현대적 IT 조직의 업무 요구를 따라갈 수 있도록 팀원들에게 더 많은 코칭을 제공해야 한다고 말했다. 그는 CIO에게 성장 마인드셋을 갖춘 인재를 채용하거나, 기존 직원이 이런 태도를 키우도록 지원할 것을 조언하고 있다.

피닉스대학교(University of Phoenix) IT 부서의 애자일 피플 리더인 타이 존스는 이러한 방향성을 실제로 실행하고 있다고 언급했다. 애자일 피플 리더는 CIO 제이미 스미스가 미래 업무 환경에 대비하기 위해 최근 신설한 직책이다.

존스는 “일하는 방식이 계속해서 재정의되고 있다”라고 말하면서, 일부 IT와 HR 리더들이 9월에 IT·데이터 직군이 빠르게 변하는 환경에서 성공하기 위해 갖춰야 할 역량 목록을 공개했다고 설명했다. 이 목록에는 창의적 문제 해결, 리더십, AI 윤리 활용, 적응력, 호기심, 끈기, 커뮤니케이션, 기술적 유창성, 미래 트렌드 이해, 주도성, 혁신 등이 포함됐다.

존스는 대학 IT 리더십이 코칭을 통해 이러한 역량을 개발하도록 지원하고 있으며, 직원들이 새로운 역량을 익힐 수 있도록 업무 시간 중 일정 부분을 학습에 할당하고 있다고 전했다.

존스는 “엔지니어와 기술 조직은 새롭게 등장하는 어떤 역량이든 즉시 받아들일 준비가 되어 있어야 한다. 계속해서 자신을 재정비해야 한다. 피닉스대학교 IT 조직은 조정하고 유연하게 움직이는 능력을 강조하고 있다. 호기심이 있고 배울 수 있는 사람이 필요하다”라고 설명했다.
dl-ciokorea@foundryco.com

FinOps skills are in high demand today.

With organizations fearful of AI initiatives ballooning their cloud costs, the ability to manage cloud environments in a financially efficient way is earning IT pros with FinOps skills a premium of late.

But Ankur Anand, CIO of Harvey Nash, an IT recruitment and outsourcing services provider, wonders whether those skills will be as hot in another year or two, as artificial intelligence and automation become more reliably capable of handling FinOps tasks.

The idea that demand for such skills could rise and fall so quickly is not unique to FinOps, Anand says; it’s applicable to many IT skills today.

“The shelf life of IT skills back in the ’70s or ’80s was a decade or more. Today it can be less than two years,” Anand says.

Anand is not an outlier in making such assertions. The World Economic Forum (WEF) and other thought leaders say the half-life of many workplace skills has shrunk from decades to closer to seven years. A 2023 IBM study found that executives estimate that 40% of their workforce will need to reskill as a result of implementing AI and automation over the next three years. And a 2025 WEF report says workers can expect that 39% of their existing skill sets will be transformed or become outdated between 2025 and 2030.

IT workers have seen the half-life of IT skills compressed even more dramatically, with researchers saying some skills today go from hot to not in less than two years — sometimes mere months.

It’s putting a lot of pressure on IT teams. As Anand says, “Technology is developing faster than tech workers can upskill.”

Ever-quickening churn in the IT skills market is upending more than individuals’ career plans, too. It is impacting the entire IT function and the organization as a whole. That in turn is forcing CIOs, HR leaders, and other executives to devise strategies to create an environment where workers are capable of reinvention at a rapid clip.

“IT has a transformation almost every 18 months, and the skills needed in IT are impacted by that. It doesn’t mean skills become obsolete, but it impacts how fluid IT employees need to be,” says Heather Leier-Murray, a research director in the CIO practice at Info-Tech Research Group.

Transforming which IT skills are relevant

In its IT Talent Trends 2025, Info-Tech asserted the idea that “from a technology standpoint, functional skills are becoming outdated every 2.5 years.” It noted that “mature organizations are more likely to see the need to change most if not all their skills. These organizations are also 2.5 times more likely to see AI and ML skills as critical. It will be these IT organizations that have best prepared themselves to deliver on the needs and objectives of the future.”

Furthermore, Info-Tech found that 95% of IT professionals surveyed for the report believe at least some skills will need to change by 2030, with 28% saying most skills need to change and 17% saying all skills need to change.

The pace of technology innovation, which itself has sped up over the decades, is driving the rapid turnover of needed IT skills, says James Stanger, chief technology evangelist at IT training and certification organization CompTIA.

“For example, some folks I know who work in the healthcare industry have noticed that as they create cloud-specific solutions, they’re seeing vendor tools change on an average of one month. Yes, one month,” he says.

AI and automation also have a big impact on what IT skills are needed and which become outdated, IT leaders say. AI and automation are handling a growing number of repetitive tasks that even just a year or two ago had required skilled workers to do. Looking forward, AI and automation will take on even more skilled work, further transforming which IT skills are relevant and which are no longer needed.

“Manual service desk operations, infrastructure management, and deep ERP configuration used to be core competencies and safe skills to bank on, looking out three to six years. Since automation and AI are advancing so quickly, those same skills might only be relevant for the next one to three years before they’re completely transformed by technology,” says Kellie Romack, chief digital information officer of tech company ServiceNow.

Fluid, agile, adaptive workers needed

To be clear, neither Romack nor other IT leaders are saying that IT jobs are becoming obsolete; there is and will remain a need for developers, engineers, architects, security pros, and the like. Rather, they say it’s the functional skills that they need most in their day-to-day roles that are changing faster now than ever before.

CIOs and IT advisers also say the shortening shelf life of skills is not experienced universally, as some organizations still have a lot of legacy tech in place.

Data from the 2025 Tech Salary Report from Dice, a job-searching platform for tech professionals, hints at these dual realities. The report found that skills related to AI, data, and cloud engineering saw the fastest growth in salaries. But some entries on its list of fastest growing tech salaries by skill date back decades. The skills range from natural language processing and document databases, which take the No. 1 and No. 2 spots, to COBOL at No. 7 and Ruby at No. 10.

IT leaders say they can’t predict which functional skills that are hot today might have the staying power of Ruby (created in 1993) or COBOL (created in 1959). Nor are they saying which skills will fade away months from now due to tech advancements and innovation.

Instead, they stress the need for CIOs and their teams to learn how to thrive in what the WEF called “skill instability.”

The days when an IT worker could ensure career longevity by specializing in and sticking with one skill — the Python programming language, for example — are over, CompTIA’s Stanger says.

“Certain skills will come up very quickly and then go away very quickly, so now that person has to be seen as someone who can build up skills quickly,” he adds.

Info-Tech Research Group’s Leier-Murray says CIOs must free up time for their staffers to upskill and provide more coaching to their team members to ensure they keep pace with the work demands of a modern IT shop.

She and others advise CIOs to hire workers with or cultivate in existing staffers a growth mindset.

The IT department at the University of Phoenix is taking such steps, says Ty Jones. Jones is the principal agile people leader for the university’s IT department, a role that CIO Jamie Smith recently created to help prepare staffers for whatever the future of work requires.

“The way that everybody is working is continuously being redefined,” Jones says.

She says IT and HR leaders in September rolled out a list of competencies they believe IT and data workers must have to succeed in a field where skills quickly come and go. Those competencies are creative problem-solving, leadership, ethical use of AI, adaptability, curiosity, grit, communication, technical fluency, future trends, ownership, and innovation.

IT leadership at the university is helping workers develop these competencies through coaching, Jones says, and is allotting them time during their work schedules to master new skills.

“Our engineers and technical teams need to be ready to adopt any emerging skills, and they’re going to need to continue to regenerate,” Jones says. “So we’re emphasizing the ability to adjust and be fluid. We need individuals with curiosity and the ability to learn.”

Con 2026 a la vuelta de la esquina, es tiempo de que las compañías preparen los desafíos del nuevo año. Uno de los principales será el cambio de año en los sistemas de facturación: la implementación del sistema de verificación antifraude Verifactu. No es extraño ver menciones a este cambio como el paso a la facturación electrónica. Pero llamarlo así puede llevar a confusión, porque se trata de dos elementos distintos, regidos por normativas distintas.

Lucía Pérez y Meritxell Yus, abogadas especializadas en Fiscalidad Indirecta de Cuatrecasas, son tajantes. “No debe confundirse la obligación de facturación electrónica B2B con la normativa sobre sistemas informáticos de facturación” —el conocido como VeriFactu— “que establece la obligación del cumplimiento de los requisitos de integridad, conservación, accesibilidad, legibilidad, trazabilidad e inalterabilidad de los registros de los sistemas informáticos de facturación. Ambos proyectos se encuentran regulados en normativa diferentes con un distinto objetivo”. Si bien convivirán y se complementarán, buscan distintas finalidades, explican. “La facturación electrónica regula el formato y la transmisión estructurada de las facturas entre empresarios y profesionales y su finalidad principal es reducir la morosidad comercial, mientras que la normativa de sistemas de facturación se centra en la calidad, seguridad y fiabilidad de los datos generados por los programas de facturación, con la finalidad de reducir el fraude”.

El paso a Verifactu

La primera en entrar en vigor es la Ley 11/2021, de 9 de julio, de medidas de prevención y lucha contra el fraude fiscal, conocida popularmente como Ley Antifraude. Esta regulación transpone una directiva europea que quiere limitar las prácticas de evasión fiscal. Aunque el texto habla de concentrar los esfuerzos en las grandes fortunas, sus implicaciones afectan a todo tipo de profesionales, de grandes empresas a personas que cotizan como pequeñas autónomas. La normativa incorpora distintas medidas para lograr el cumplimiento de los requerimientos fiscales, entre las que se plantea un modelo basado en el control de los softwares de contabilidad y gestión, que quedan obligados a ajustarse a determinados requisitos.

Al calor de esta normativa se ha desarrollado el reglamento Verifactu, que establece los requisitos que deben contemplar los programas de facturación. Entre otros, se contempla que, al expedir una factura, se genere o guarde una copia o se mande un resumen, directamente, a la Agencia Tributaria. Además, se deberá incluir un QR en la factura para poder verificarla con la administración. Negro sobre blanco, el cambio en la regulación implica que ya no se podrá enviar las facturas en un PDF ni hacer los libros de contabilidad sobre un Excel, sino que habrá que emplear un sistema de facturación homologado. Para controlar que el modelo sobre el que se haga cumple los necesarios requisitos se ha desarrollado el sistema del mismo nombre, que se puede incorporar a softwares de facturación ya existentes y que está también integrado en la aplicación informática gratuita desarrollada por la AEAT.

La nueva normativa, dice Estefanía Gambin, “implica un cambio técnico relevante para los equipos de TI”

Es decir: si bien este nuevo modelo va hacia la facturación electrónica, no se refiere a esta normativa, sino a la integración de un sistema antifraude. “Verifactu no es factura electrónica, y este matiz es importante”, desarrolla Álvaro Villa, director general de Alegra España. “Es un sistema antifraude que obliga a que el software de facturación cumpla criterios muy estrictos de integridad, trazabilidad e inalterabilidad del dato”, resume. A nivel de TI tiene un impacto significativo: “No cambia la interfaz, pero sí cambia la arquitectura del sistema”, explica. Coincide Estefanía Gambin Altare, country success manager en Pleo. “Esta normativa implica un cambio técnico relevante para los equipos de TI”, defiende. “Los sistemas deben ser capaces de trabajar con formatos estructurados, integrarse con los sistemas contables y asegurar la transmisión segura y puntual de los datos a Hacienda”. Gambin lo define como “un reto técnico”, que “con el apoyo adecuado no tiene por qué ser una carga”.

Entre los trabajos en TI a los que obligará el reglamento Verifactu, continúa Villa, está la auditoría y adaptación de ERP, CRM, TPV y desarrollos propios a los nuevos requisitos, pero también la integración de hash encadenado y QR y el compromiso de trazabilidad completa y exportación en el formato exigido por la AEAT. Habrá que realizar integraciones vía API y definir si la empresa operará en modo VeriFactu o no VeriFactu; y asegurar operaciones sin interrupciones, “porque cualquier incidencia ahora tiene también un impacto en cumplimiento”. Lejos de tratarse de una acción puntual, este cambio requerirá de un seguimiento continuo, explica. “Lo más práctico es tratar Verifactu como un programa permanente de cumplimiento digital, no como un proyecto puntual. Esto implica gobernanza de datos, revisiones periódicas y formación continua para que Finanzas, TI y asesores estén alineados”. Gambin lo afronta de forma similar. “No es un cambio puntual que se resuelve una vez y listo. Es un proceso vivo que requerirá actualizaciones continuas y capacidad de adaptación”.

“Lo más práctico es tratar Verifactu como un programa permanente de cumplimiento digital, no como un proyecto puntual”, señala Álvaro Villa

En cuanto a su impacto en la relación entre los departamentos de TI y finanzas, la directiva de Pleo avanza que el equipo financiero se verá relegado de tareas repetitivas para enfocarse en aportar valor real al negocio. Villa lo desarrolla. “VeriFactu nace como una iniciativa fiscal, pero se implementa a través de tecnología. Eso obliga a TI y Finanzas a trabajar de forma más coordinada que nunca”. Entre otros, augura un impulso a las decisiones compartidas sobre software, integraciones y políticas de registro; la fluidez en el lenguaje común en torno a la trazabilidad, integridad y auditoría de los datos; y una menor carga manual en finanzas y más control preventivo gracias a la automatización. “En la práctica, TI y finanzas pasan de colaborar a copilotar el cumplimiento antifraude dentro de la organización”.

Conviene también repasar el calendario de implementación. A partir del 1 de enero de 2026, todas las personas jurídicas deberán usar sistemas de facturación adaptados, mientras que el resto de profesionales y personas autónomas tienen hasta el 1 de julio del próximo año para integrar estas herramientas.

Facturación electrónica

Aunque Verifactu podría considerarse como un primer paso hacia la factura electrónica —especialmente para aquellos negocios que no estaban aún utilizando sistemas de este tipo—, este modelo de facturación es obligatoria para el trabajo con la administración desde 2013. En los próximos años está previsto que se extienda, gracias a la conocida como Ley Crea y Crece. Esta normativa de 2022 “establece la obligación de emitir, remitir y recibir facturas electrónicas en las operaciones entre empresarios y profesionales”, recuerdan Yus y Pérez, aunque aún está pendiente de desarrollo reglamentario. “A fecha de hoy, por lo tanto, todavía no está definido con detalle el alcance de esta medida y su fecha de entrada en vigor”.

La normativa trabaja en una línea semejante a la de la Ley Antifraude, buscando “combatir la morosidad comercial, reforzar la transparencia en los pagos y acelerar la digitalización de las relaciones empresariales, promoviendo procesos más eficientes, trazables y automatizables”, destacan las abogadas de Cuatrecasas. Por el momento, en el último borrador publicado, se contempla que la factura en operaciones B2B deberá ser un mensaje electrónico estructurado conforme a determinados requerimientos. “El envío de un PDF no resultará suficiente, pues se exigen datos estructurados interoperables procesables automáticamente por los sistemas”, resumen. Está además prevista una solución pública de facturación de la propia AEAT, que actuará como repositorio de las facturas electrónicas y coexistirá con plataformas privadas de intercambio de datos. “Estas plataformas deberán garantizar la interconexión e interoperabilidad gratuitas entre ellas”.

“El envío de un PDF no resultará suficiente, pues se exigen datos estructurados interoperables procesables automáticamente por los sistemas”, indican Lucía Pérez y Meritxell Yus

Aunque al no haberse publicado el desarrollo normativo no se puede hablar de un calendario completo, se estima que las grandes empresas, con un volumen de operaciones superior a 8 millones de euros, tendrán 12 meses desde su publicación para adaptarse, mientras que para el resto este plazo se extenderá hasta los 24 o incluso 36 meses.

자동차를 구매할 때는 창문 스티커에 적힌 공인 연비를 먼저 보기 마련이다. 1리터로 18km를 달린다는 수치를 보면 기대가 커지지만, 막상 차를 집까지 몰고 오면 실주행 연비는 그보다 훨씬 낮게 나온다는 점을 깨닫는다. 제조사가 평지나 내리막길, 최적의 조건만 가정해 측정한 결과가 아닌가 하는 생각이 들 때가 많다.

AI 생산성을 둘러싼 논의도 이와 크게 다르지 않다. 글로벌 컨설팅사의 보고서든, 최신 AI 플랫폼을 앞세운 벤더의 설명이든, 혹은 CEO가 요청한 ROI 전망이든 대부분의 예측은 지나치게 낙관적이다. 문서로만 보면 그럴듯해 보이지만 실제 업무 환경에서는 기대치에 미치지 못하는 경우가 많다. 과장된 전망을 전제로 전략을 세우면, 조직은 목표에서 벗어나기 쉬운 기반을 스스로 만들게 된다.

디지털 전략 컨설턴트로 일하면서, 잠재력이 주는 기대감과 실제 실행 과정의 현실성을 균형 있게 반영하는 새로운 기준이 필요하다는 점을 여러 차례 확인해 왔다. 흥미로운 점은 이런 접근법의 출발점이 기술이 아니라 금융 분야에서 나왔다는 사실이다.

‘할인율’을 적용할 필요성

금융 분야의 기초 재무 과정에서 가르치는 현금흐름 할인법(DCF)을 참조할 만하다. 이는 투자를 평가할 때 미래에 발생할 현금흐름을 모두 합산하는 대신, 시간과 위험을 고려해 그 가치를 할인하는 방식이다. 내일 받을 1달러는 오늘의 1달러보다 가치가 낮고, 그 1달러가 실제로 들어올지 불확실하다면 가치는 더 떨어진다.

AI 생산성을 평가할 때도 이와 같은 사고방식이 도움이 된다. “코파일럿이 개발자 생산성을 2배로 높인다”와 같은 표면적 수치는 잠재력을 최대치로 가정한 값일 뿐이다. 실제 계획에 활용할 수 있는 현실적인 수치를 얻으려면 3가지 요소를 감안해 ‘할인’해야 한다. 이는 목표에 도달하기 위해 사람이 투입해야 하는 노력, 조직이 AI를 받아들이는 데 걸리는 시간, 그리고 AI의 불완전성에서 비롯되는 위험을 의미한다.

사람의 노력: 사람과 기계가 맞물리는 현실

생성형 AI는 일을 대신해주는 ‘자동 조종 장치’가 아니라 속도를 높여주는 ‘가속기’에 가깝다. 문제를 정의하고, 모델이 올바르게 작동하도록 안내하며, 최종 결과를 검증하는 과정은 여전히 사람이 맡아야 한다. 예를 들어 소프트웨어 엔지니어링에서는 깃허브 코파일럿(GitHub Copilot) 같은 도구가 즉시 실행 가능한 코드를 만들어주지만, 그 코드 상당수는 여전히 디버깅과 테스트, 수정이 필요하다.

한 고객사의 파일럿 프로젝트에서 엔지니어들은 업무 시간의 약 4분의 1을 AI가 생성한 코드를 검토하거나 다시 작성하는 데 사용했다. 생산성은 분명 의미 있는 수준으로 올랐지만, 벤더가 흔히 주장하는 ‘생산성 2배’와는 거리가 있었다. 실제 수치는 약 40% 향상에 가까웠고, 이는 훨씬 현실적이면서도 지속 가능한 수준이었다. 결론은 명확했다. AI는 역량을 증폭시키지만 사람의 판단을 대신하지는 못한다. 이를 생산성 전망에 반영해야 모델은 더 신뢰할 수 있고 계획은 더 현실적이 된다.

도입 속도와 확산 곡선

또 다른 중요한 요소는 기술 도입 속도다. AI로 인한 생산성 향상은 한꺼번에 나타나지 않는다. 다른 엔터프라이즈 기술과 마찬가지로, 도입 과정은 학습과 실험, 확산을 거치며 점진적인 곡선을 그린다.

포춘 500대 제조 기업의 한 사례를 살펴볼 만하다. 이 회사는 코드 개발용 코파일럿 도입을 추진하면서 이러한 도입 곡선을 직접 모델링했다. 첫해에는 전체 개발자의 약 4분의 1만 활발히 도구를 사용했다. 시간이 지나면서 도입률은 꾸준히 증가했고, 비용과 효과도 일상적인 개발 흐름 속에서 자연스럽게 확대될 것으로 예상됐다. 이들은 4년에 걸친 도입 기간을 기준으로 ROI를 산정해 조직이 변화에 적응할 수 있는 속도와 맞는 예측치를 제시할 수 있었다. 결과적으로 가파르고 비현실적인 상승 곡선이 아닌, 신뢰할 수 있는 전망을 확보했다.

강력한 비즈니스 사례가 있어도 생산성은 저절로 발생하지 않는다. 도입에는 시간, 교육, 그리고 반복적인 사용 경험이 필요하다. 이런 현실적 조건을 추정치에 포함해야 계획은 방어 가능하면서도 실제 실행으로 이어질 수 있다.

위험 조정: AI 환각을 반영

모든 생산성 모델은 위험 요소도 고려돼야 한다. 가장 성능이 뛰어난 시스템도 오류를 낼 수 있으며, 그로 인한 운영·평판 측면의 비용은 상당할 수 있다.

이런 사례는 뉴스에서도 어렵지 않게 볼 수 있다. 올해 한 글로벌 기술 기업은 AI 이미지 생성기가 부적절한 결과를 만들어내자 마케팅 캠페인을 전면 철회했다. 문제는 관리 부재가 아니라 위험을 과소평가한 것이었다. 기업은 문제를 해결하고 공지·조율 작업을 진행하며 신뢰를 회복하는 데 수 주를 투입해야 했다. 이 회복 기간 동안 투입된 시간과 자원은 본래 생산 업무에 사용될 수 있었다.

CIO가 생산성을 추정할 때는 이런 불가피한 시행착오를 감안해야 한다. 결과물 검증, 오류 수정, 후속 조치에 필요한 시간과 노력이 분석에 포함돼야 한다. 투자자가 위험이 큰 자산에 더 높은 수익률을 요구하는 것처럼, 기술 리더도 위험성이 높은 AI 활용에 대해서는 생산성 기대치를 조정해야 한다.

개념에서 실천으로

‘할인된 생산성’ 개념은 실제 현장에 적용할 때 비로소 힘을 발휘한다. 예를 들어 한 소프트웨어 엔지니어가 코파일럿을 사용한다고 가정해보면, 이론상 생산성은 2배까지 늘어날 수 있다. 하지만 사람 검증 과정, 점진적인 도입 속도, 위험 요소를 반영하면 현실적인 생산성 증가는 30~40% 수준에 가까워진다.

이를 시각화하면 폭포수(waterfall) 차트 형태가 된다. 전체 AI 기회 규모를 출발점으로 두고, 사람의 노력, 도입 속도, 위험 요인을 고려해 하나씩 차감해 나간다. 그렇게 남는 수치가 실제로 달성 가능한 생산성 향상이며, 팀의 실제 업무 방식을 반영한 값이기 때문에 CFO나 CEO에게도 자신 있게 제시할 수 있다. 경험이 쌓이면 이 수치를 넘어설 가능성도 충분히 있다.

서로 다른 AI의 ‘연비’

AI는 업무 방식을 빠르게 바꾸고 있다. 하지만 새 차의 공인 연비가 실제 주행 환경에 따라 달라지듯, AI 성과 역시 조직의 환경, 구성원의 활용 방식, 실행력에 따라 크게 달라진다. 생산성에 ‘할인율’을 적용해 바라보는 관점은 CIO와 기술 리더가 AI 기술의 잠재력과 실제 성과 사이의 간극을 좁히고, 신뢰할 수 있고 방어 가능하며 실현 가능한 기대치를 세우도록 돕는다.

AI 역시 운전과 마찬가지로, ‘연비’는 상황에 따라 달라질 수밖에 없다.
dl-ciokorea@foundryco.com