For too many people, the concepts of “acting as a responsible CIO” and “taking risks” are mutually exclusive. A Traditional CIO is accustomed to a world where if nothing breaks, their job is safe. If they don’t touch anything, they can’t break anything. In this paradigm, taking risks is unwise.
In my opinion, rampant risk avoidance is the reason CIOs now lose their jobs at the second highest rate among the C-suite. Inaction—or maintaining the status quo—carries a much greater threat to the CIO (and the organization) than does taking an active stance and assuming the associated risks. In the digital age, where IT is the business, being CIO is like playing quarterback: if you stay in the pocket long enough, you will get sacked. You have to make a move.