CIO

AI is here. Physical AI is coming fast

Physical AI is transforming every industry, from manufacturing, where robots are already critical to factory lines that assemble devices, to agriculture, where autonomous tractors can till crops and use imaging data to harvest when ready. In retail settings, robots scan grocery aisles daily to give accurate updated inventory and restock shelves overnight. Meanwhile, the logistics industry has introduced robots that are able to retrieve, sort and package items for efficient and safe handling. The automotive industry continues to leverage Physical AI to move from driver-assisted cars to fully autonomous fleets that can be updated remotely. Now we face a key question: Do people trust physical AI? Only with trust can these futuristic capabilities become the norm rather than interesting use cases.

Why we’re entering a new paradigm in robotics

This world is possible because the physical AI learning curve continues to bend toward faster, better and cheaper developments. Synthetic training environments have become a less costly and less risky alternative to expensive physical experimentation while accelerating improvements. For example, Boston Dynamics’ Spot robot has achieved 87% accuracy in detecting objects in simulation, thanks to the help of synthetic training data from NVIDIA’s Isaac Sim and Replicator. More companies are also turning to simulated environments for competitive advantage; for example, BMW invested €2 billion into a factory powered by a digital twin, aiming to accelerate development and improve planning efficiency by 30%. Robotics developers, on even the smallest teams, increasingly have access to rich physical world data thanks to world foundation models (WFMs), which offer an advanced starting point for new capabilities. Early pioneers like Figure AI and Agility Robotics are already demonstrating how well physical AI can integrate into different human environments.

Major advances are happening in robotics software too: Orchestration models such as DeepMind’s AutoRT have demonstrated how to control fleets of robots across different tasks with limited human intervention. In Europe, fleets of miniature robots are being trialed to help with search and rescue operations, navigating through collapsed buildings and piles of rubble to find people trapped underneath.

First Person Meets… Greg Finnigan: Being your authentic self

No, I was going to say, sorry, I shouldn’t have interrupted, but like, thank you, because that’s such an insightful answer and we’ve never had that. Right. And I think it’s probably relevant to everybody. I wonder, so many thoughts were going through my head while you were speaking just then, like, certainly it resonates. Right. And I think we’re over a similar age. And I think, I wonder if working practices and cultures are a bit different now. So maybe it’s possible to sort of come out of that earlier. I certainly think about, this is a very kind of specific example, but like the kind of pub culture of British business, like which I certainly enjoyed, like, but did mean that people to get on behaved in a certain way at a certain time kind of thing, which is definitely kind of gone away, which can only be a good thing. And I wonder if like the way we now are able to articulate, you know, diversity in kind of the way people are, neurodiversity allows for like people, myself included actually, to be able to consciously think exactly what you said, which is really quite inspirational actually. I am going to be myself. I am enough kind of thing. Which doesn’t mean that you’re able to kind of, it’s like the confusion people have between free speech and like being able to say whatever you like without consequences, right? You still have to adapt to an environment to a certain extent. But I do think it’s a very healthy thing to say, but I am going to be me because I’m good enough for this scenario and situation. That’s a really great answer and I appreciate you saying it. Yeah, the other question we like to ask at this time is that thing as you go through your career, as you’re learning, as things happen, like I think we all have those moments where the things that we, know, fundamentals to us previously or just things we just thought we knew turn out not to be true.
And I wonder if you have an example of that the first time you realise something you thought you knew might not actually be the case.

Greg Finnigan: Yeah, no problem.

Ransomware ain’t what it used to be

Cyber threats evolve as technologies and criminal opportunities advance, reshaping the way attackers operate. Nothing stays static. Recently, we have seen changes in the way ransomware cybercriminals operate that demand a reevaluation of defenses to reduce the risk of a damaging attack. Ransomware has undergone a decades-long transformation, starting with distribution via floppy disks and demands for payment via the mail, but only became a widespread threat once cryptocurrencies allowed for anonymous online payments. Since that time, it has matured, hitting corporate networks and government systems, where encryption and extortion demands soared in scope and sophistication.

The new wave: Escalating volume and shifting tactics

The findings from Zscaler’s latest ransomware research report shine a spotlight on the sheer acceleration of attacks and the shift in how operators are coercing victims. Between April 2024 and April 2025, Zscaler’s cloud services blocked nearly 11 million ransomware attempts—a staggering 146% increase year-over-year and seven times the volume recorded in 2021. While many attacks are successfully prevented, ransomware operators remain devastatingly effective. Over 7,000 victims globally were identified from dark web-hosted ransomware leak sites last year, with more than half of the victims based in the United States. The 3,671 U.S. incidents mark a twofold increase from the year prior. This surge in ransomware activity isn’t limited to North America. Each of the top 15 targeted countries saw significant increases, from a 30% rise in Mexico to a 436% increase in Israel, most likely geopolitical targeting.
| Country | Ransomware Attacks (2024 Report) | Ransomware Attacks (2025 Report) | Percentage Increase |
| --- | --- | --- | --- |
| United States | 1,821 | 3,671 | 101.60% |
| Canada | 128 | 377 | 194.50% |
| United Kingdom | 216 | 333 | 54.20% |
| Germany | 149 | 260 | 74.50% |
| India | 60 | 199 | 231.70% |
| Italy | 118 | 181 | 53.4% |
| France | 119 | 159 | 33.6% |
| Australia | 73 | 152 | 108.2% |
| Brazil | 57 | 149 | 161.4% |
| Spain | 62 | 134 | 116.1% |

Top 10 Countries by Number of Victims and Growth 2024 – 2025.

One of the most striking trends in these attacks is the pivot away from conventional file encryption tactics. Instead, ransomware groups are now focusing on stealing sensitive information—financial records, intellectual property, customer data—and threatening public exposure as leverage to secure hefty payments. In some cases, criminal groups are no longer encrypting data at all. Now, the real disruption caused by ransomware lies not in the loss of operational functionality, but in the erosion of trust, reputation, and compliance in victim organizations.

The rise of autonomous ransomware operations

Cybersecurity experts have long predicted that AI would significantly aid attackers in their attempts to breach networks. It can assist in reconnaissance of targets, finding vulnerable devices on a network, creating exploit code, and help deliver attacks via tailored phishing emails. However, a recent discovery by Anthropic, the company behind the Claude AI chatbot, highlights just how far some attackers have come: the use of fully automated, agentic AI tools to carry out large-scale extortion operations with minimal human intervention. In a blog post, Anthropic reported a cybercriminal leveraged Claude Code, an AI model designed for coding, to orchestrate ransomware attacks that were entirely autonomous. Like other widely available generative AI platforms, Claude Code provides both legitimate benefits and a significant opportunity for misuse. Seventeen victims across healthcare, emergency services, government offices, and religious institutions were targeted simultaneously.
AI handled every stage of the operation, from reconnaissance and credential harvesting to network penetration and determining ransom amounts. This fully automated system even crafted ransom notes with demands for payments up to $500,000 that displayed on victim machines. The accounts misusing the service were banned following discovery of the attack, but the implications are sobering. Autonomous ransomware allows cybercriminals with limited technical skills to achieve high-impact results, reshaping the landscape of cybercrime. What once required resources, teamwork, and expertise can now be conducted simply with access to generative AI tools. The ability to scale attacks and target multiple organizations concurrently raises the potential for exponential growth in ransomware activity. The hacker abusing Claude Code is unlikely to have stopped their activities, but rather will have simply moved to other tools.

Volume, speed, and impact: The scale of the problem

Let’s break it down: AI has lowered the barriers to entry for ransomware campaigns, enabling attackers to scale operations far beyond what human-driven efforts could manage. Where conventional ransomware operations might require weeks or months of planning and execution for each attack, AI’s capabilities allow operators to target multiple victims simultaneously, with autonomous systems performing both tactical and strategic decision-making. And as technical expertise becomes less critical, the pool of cybercriminals capable of mounting these attacks will grow, including actors who previously lacked the skillsets to conduct them manually. Organizations of all shapes and sizes are going to have to quickly adapt to this new reality or face repeated compromises.

What it means for cybersecurity leaders

Ransomware defense strategies that worked even a few years ago are insufficient against these new methods of extortion and the scalability made possible by generative AI.
Enterprises cannot rely on past experiences to address future threats. For CIOs, CISOs, and IT leaders, combating ransomware must become a core component of corporate risk management and enterprise resilience. Proactive thinking and a willingness to challenge conventional strategies are imperative to keep pace with attackers. To defend against the next evolution of ransomware, organizations must reprioritize and refine their security measures:

- Minimize external attack surface: Move to a Zero Trust architecture to better secure digital assets. Identify and mitigate vulnerabilities. Strengthen controls to prevent attackers’ ability to spread deeper within networks.
- Prevent compromise: Combining Zero Trust with AI makes it possible to detect and stop ransomware or malware, including attacks driven by AI, before systems are compromised.
- Eliminate lateral threat movement: Use AI-generated adaptive segmentation to give full visibility into user activity and application traffic and prevent attackers from moving from a compromised endpoint to sensitive assets.
- Prevent data loss: Deploy Zscaler Data Loss Prevention technology to detect and block attempts at data exfiltration. This is especially critical for organizations operating in high-value target sectors.

Emerging stronger from a shifting landscape

The ransomware challenges of 2025 are shaping business risks across

Salesforce grows 10%, replaces 4,000 staff with AI agents

Salesforce employs 76,000 people worldwide after a sweeping reorganization undertaken in recent months, which Benioff himself described as “the most exciting of his career” during a conversation with The Logan Bartlett Show podcast. However, in that conversation, he also acknowledged that, despite the cuts, the human workforce will continue to be an essential part of the company’s customer service. Furthermore, he described Salesforce’s model as hybrid, in which AI handles repetitive or routine tasks, while humans handle complex cases or manage customer relationships. In his opinion, as he emphasized in the discussion, it’s not about replacing people entirely, but rather about creating a new kind of teamwork between software and staff. In fact, Salesforce’s goal of positioning AI as a gateway and people as a development force is to provide faster and more cost-effective service without compromising the personal touch that many customers still expect.

Breaking into cybersecurity without a technical degree: A practical guide

What I discovered changed everything for me. There’s an entire side of cybersecurity that needs business-minded professionals, not technical experts. Governance, risk and compliance (GRC) roles need the skills many career changers already have, such as stakeholder management, policy development, risk assessment and business communication. My journey from recruitment consultant to GRC professional proves that with the right strategy, persistence and understanding of where your existing skills fit, breaking into cybersecurity without a technical degree isn’t only possible. It’s exactly what the industry needs. (See also: How to make a late career switch to cybersecurity.)

Why GRC is the perfect entry point for career changers

Think of cybersecurity as a house. While penetration testers and security engineers focus on building stronger locks and alarm systems, GRC professionals ensure the house has strong foundations, insurance policies and meets all building regulations. GRC stands for governance, risk and compliance — three interconnected disciplines that form the business backbone of any cybersecurity program. Governance involves creating and maintaining the policies, procedures and frameworks that guide an organisation’s security decisions. Risk management focuses on identifying potential threats, assessing their likelihood and impact, then developing strategies to mitigate or accept those risks. Compliance ensures the organisation meets all relevant legal, regulatory and industry requirements, from GDPR privacy rules to industry-specific standards like HIPAA for healthcare.

How a 50-year partnership was instrumental in MAPFRE’s transformation

When Enrique Laso joined MAPFRE USA as executive vice president of information technology in 2015, the insurance company’s legacy systems were showing their age. The IBM AS/400- and mainframe-based applications the property and casualty insurer had relied on for many years were costly, inflexible and difficult to connect to the third-party data sources critical to policy underwriting, timely claims processing, and fraud prevention. The company was also grappling with a strong undercurrent of change in the insurance business driven by challenging market conditions, technology disruption, and changing customer preferences. Although insurance has always been a data-driven business, competition was forcing companies to digitize and streamline their internal processes at a rapid pace. “It was very difficult to integrate and make changes with the legacy systems,” Laso said. “We were having problems just finding people with the skills to maintain our existing systems.” Many other insurers were migrating away from the mainframe-based policy administration solution MAPFRE used, making the skills crunch more acute.

Migrate or switch?

The choice facing MAPFRE was whether to modernize its existing application and infrastructure or migrate to a new solution. “We realized that a step-by-step approach would take longer and be more complicated,” Laso said. “We also had to ensure there was minimal, if any, impact to our customers and agents in Massachusetts, our largest market.” After considering various architectural approaches, MAPFRE migrated to a new core technology platform based on products from Guidewire Software and Duck Creek Inc. Among other vendors, the company engaged the technology and professional services firm, CGI, which had built MAPFRE’s mainframe solution years earlier, to assist with the project. “CGI is a very well-established firm with whom we have conducted business for more than 50 years,” Laso said.
“They had deep knowledge because of their experience providing our legacy platform, so when we had to transform our processes using new technology they were a clear choice.” To minimize risk, MAPFRE chose to implement the new software in parallel in an independent, separated instance from its legacy systems. “It’s easier to manage risk with something independent from the systems in operation,” Laso told McKinsey.[1] “This allowed us to manage the project risks while building and testing and then handle the main business risks in the rollout.”

Two-phase migration

The switchover would happen in two phases. The new system would go live first to handle new personal lines policies with an on-prem implementation as, at that point, no software-as-a-service options met MAPFRE’s needs. Then, in phase two, the commercial lines side of the business would migrate to a cloud-based platform. After several months of testing, MAPFRE switched on the new system. Some disruption was inevitable, Laso said. For several months after go-live, agents had to switch between the legacy and the new systems, as policies were converted progressively upon renewal. The transition ultimately took about a year, but migration speed was less important to MAPFRE than minimizing business disruption, which it did successfully. MAPFRE went live with the first phase of the new system, personal lines, in May 2020. The second phase, Commercial Lines, went live in March 2022. The execution of this project came at an opportune time during the early phases of COVID-19. “The pandemic, and the years following it, have been very complex times in insurance,” Laso said. “It was a huge company effort, but this transformation has helped us improve our offerings and become a more data-driven company.” Despite the pandemic’s disruption, the migration was completed just one month behind schedule.
Reaping the benefits

Now that it is fully up and running with a new technology stack, MAPFRE is reaping the benefits of improved integration capabilities, a modern core system, faster access to data analytics, and greater underwriting and claims processing flexibility. Laso said he has made a point of opting for packaged solutions wherever possible and integrating with external applications and data sources through application program interfaces to minimize rigid, hard-coded connections. “We put a lot of focus on the middleware layer to improve integration with many external third parties and internal applications,” Laso said. “It’s far easier with the new system because integration is decoupled using APIs.” Analysts now have access to modern tools for such tasks as forecasting and modeling risks. “Operationalizing advanced models in the old platform was very complex,” Laso said. “It’s important for us to be able to extract a lot of data from our transactional systems for our colleagues in analytics to develop and train our models. That process is now much easier.” The new system has enabled MAPFRE to implement and operationalize advanced data analytics and artificial intelligence models that have helped serve its customers better and speed up claims processing. The long partnership between MAPFRE and CGI has been key to the initiative’s success. The technology firm’s knowledge of MAPFRE’s technology and processes and its decades of experience supporting MAPFRE’s processing needs helped ensure that the two companies could focus their energies on business transformation through technology. “The fact that CGI has been our vendor for more than 50 years speaks a lot about the trust and the quality of the relationship we’ve built,” Laso said.

[1] Going all in: How one insurer updated its technology stack, McKinsey & Co, Jan. 3, 2022

Hörmann uses AI to make sales visits more customer-centric

As one of the world’s leading suppliers of doors and other building products, Germany’s Hörmann Group is constantly trying to improve business interactions and customer experience (CX) by unifying marketing activities, sales, repair, and maintenance services. Recognizing an opportunity for progress, Hörmann has revolutionized its field technology, much to the delight of its sales force. For example, after visiting multiple customers daily, reps often waited until the end of the week to compile reports of each interaction. Although report-generating was essential for Hörmann’s customer centricity, sales reps were said to be frustrated by the time-consuming process. Plus, the fact that the reports weren’t composed for several days meant that information was forgotten in the interim, leading to incomplete submissions.

Looking for that high-tech cure

These predicaments surfaced during a crisis in the German construction industry, which was caused by rising costs, stricter regulations, shortages of skilled labor and raw materials, and pressures related to integrating digital technology, among other factors. During the best and worst of times, businesses can only move forward by maintaining and supporting positive relationships with customers—an objective that would be best achieved if Hörmann had a quick, easy tool for recording visit reports as soon as each customer meeting ended. As Hörmann consistently seeks to leapfrog innovation, the company proactively laid the groundwork for developing an AI-powered “visit report assistant,” setting the stage to capture the building products industry’s attention and drive forward its transformative potential.

Changing the face of customer relationships

From its headquarters in Steinhagen, Hörmann has sold more than 20 million doors since 1935, operating an enterprise that employs more than 6,000 staffers in over 40 factories in Europe, North America, and Asia.
Sales locations can be found in some 40 countries, while sales partnerships have been established in 50 more. Working with multinational software leader SAP, Hörmann has been using the company’s SAP Customer Experience solutions since 2018. However, by the early part of this decade, the traditional SAP Sales and Service Cloud mobile app could only provide simple speech recognition while transcribing the audio from visit reports. But SAP already had the technology to expand the app’s capabilities via its SAP Business Technology Platform (BTP), a suite of solutions designed to integrate, automate, extend, and build AI-powered innovations. For Hörmann, those options would now be activated to create the new visit report assistant. Upon concluding a meeting, a representative could casually narrate each detail while walking back to the car or transit station, keeping the most important points of the exchange. The solution would “secure all relevant data…directly after the visit with a minimum of time investment,” noted Hörmann’s head of Department Central Customer and Service Applications, Lennard Eichler. More importantly, the tool would produce a concise, real-time summary of the proceedings in a standardized, easy-to-comprehend format, using AI Whisper to accurately transcribe audio recordings and a Large Language Model (LLM) to ensure that all spellings and terminology are correct. Each report could then be swiftly handed over to customers, enabling all parties to work from the same point of departure.

From frustration to efficiency for sales reps and customers

Deployed in January 2025, the visit report assistant eliminated tedious copy-and-paste tasks, freeing employees from laborious writing sessions, and giving them more time for value-adding activities and reducing demotivation.
The seamless flow of data allows each sales team to have the most updated information at its disposal, summarizing the text with keywords that can be scanned for a quick overview of the visit. Today, the time required for documentation has dropped by 83 percent, as sales reps can compose a visit report in five minutes, as opposed to 30 minutes before the implementation. All told, sales reps have already saved more than 5,220 hours on tasks related to assembling the data. Internally, employee satisfaction has shot up, as reps describe a reporting process that’s less burdensome while significantly more efficient.

Driving innovation in the industry

By developing a visit report assistant that has become the industry-leading CX standard, Hörmann was distinguished as a winner at the 2025 SAP Innovation Awards in the “AI Excellence” category. The yearly event celebrates forward-thinking organizations harnessing SAP products and cloud technologies to flourish in an ever-changing landscape – and Hörmann is being widely recognized for spearheading this trend. You can learn more about what Hörmann did to earn such recognition by reading their Innovation Awards pitch deck.

Building the digital C-suite: Lessons from CIA's security integration

Translating the model to private sector applications

Since leaving government, I’ve seen teams across multiple industries who face similar challenges, and I believe the principles that made our digital C-suite effective can translate directly to private sector environments. For enterprise CIOs leading digital transformation initiatives, I would recommend several actionable steps. First, bring your CISO and CDO into early-stage strategic planning, not just operational reviews. This ensures security and data governance influence architecture decisions rather than constraining them after the fact. Second, define shared success metrics across your digital leadership roles. Third, recognize that cyber risk, data governance, and innovation are interconnected facets of the same enterprise challenge. The most successful implementations I’ve observed focus on building this collaboration around a galvanizing challenge that demonstrates clear value to the teams working on the project and the broader organization that will benefit from its success. Today, I would center this model around enterprise AI adoption, a challenge that inherently requires seamless integration of IT infrastructure, data governance, and cybersecurity.
