Blog – CIO.works

As Klarna Flips From AI-first to Hiring People Again, a New Landmark Survey Reveals Most AI Projects Fail to Deliver

Klarna, after relying heavily on AI for customer service, is shifting back to hiring humans due to AI's “lower quality” results. CEO Siemiatkowski stated they need human agents for better customer support. An IBM survey found that only 25% of AI projects succeed as expected. Klarna aims to improve service quality while still maintaining an AI-first strategy, planning to offer flexible freelance roles for customer support.

https://fortune.com/2025/05/09/klarna-ai-humans-return-on-investment/

Compliance Now Biggest Cyber Challenge for UK Financial Services

By CIO / Blog / regulation, cybersecurity

Compliance is the top cyber challenge for UK financial services, as cited by 44% of surveyed firms. Key issues include data protection, remote work support, and cloud security. The EU's DORA regulation, effective January 2025, highlights the need for robust cyber resilience. Supply chain attacks take the longest to respond to (16 hours), with significant concerns about threats from nation-states. A third of firms are using AI in cybersecurity, viewing AI-powered phishing as a major threat (89%).

https://www.infosecurity-magazine.com/news/compliance-cyber-challenge-uk/

CIOs Turn to ESG Tech as Part of Sustainability Leadership

By CIO / Blog / sustainability

CIOs play a key role in corporate sustainability by selecting technologies that support ESG (Environmental, Social, Governance) initiatives. Over 70% of investors advocate integrating sustainability into corporate strategy, driving demand for ESG software to improve compliance, data reporting, and operational efficiency. CIOs need to understand their organization's sustainability needs, collaborate with cross-functional teams, and evaluate software costs and ROI. Various software options exist for carbon accounting and broader ESG management, with many organizations opting to develop in-house solutions. The global market for ESG software is projected to grow significantly by 2030.

https://www.techtarget.com/sustainability/feature/CIOs-turn-to-ESG-tech-as-part-of-sustainability-leadership

Why Cybersecurity Shouldn’t Be a Checkbox Exercise

By CIO / Blog / PCI DSS, cybersecurity

Cybersecurity must go beyond mere compliance with regulations like PCI DSS as it does not equate to true security. Many small and medium-sized businesses mistakenly believe compliance provides safety, yet attackers specifically target them. Compliance often leads to a false sense of security, deprioritizing essential threat detection and response. Businesses need a risk-based strategy that identifies and addresses actual vulnerabilities, aligns with operational priorities, and uses dynamic, real-time threat detection. Ultimately, resilience against cyber threats should be the primary focus, moving beyond basic compliance to ensure ongoing business protection.

https://www.fastcompany.com/91331498/why-cybersecurity-shouldnt-be-a-checkbox-exercise

The Fine Print of AI Hype: The Legal Risks of AI Washing : Clyde & Co

By CIO / Blog / regulation, EU, AI

AI washing poses legal risks as companies exaggerate AI capabilities amid vague definitions in the EU's AI Act. Legal clarity is essential but increases scrutiny, with potential penalties for false claims. Companies face liability for misleading assertions to investors and customers. Developing accurate communications and verifying AI claims are crucial to mitigate legal repercussions.

https://www.clydeco.com/en/insights/2025/05/the-fine-print-of-ai-hype-the-legal-risks-of-ai-wa

Developers Prepare for Uncertainty, Look to Prior Regulations With AI Act Coming Online

By CIO / Blog / regulation, EU, AI

Developers are braced for uncertainty as the EU AI Act is enacted, acknowledging that evolving compliance strategies will be necessary due to ambiguities in the regulatory landscape. Experts emphasize adapting governance frameworks while recognizing the gradual implementation of regulations. Companies with prior regulatory experience, particularly in data compliance, are better positioned to navigate the Act's requirements, while the finalization of a general-purpose AI Code of Practice remains delayed. The European Commission is exploring simplifications to the Act to ease compliance for businesses.

https://iapp.org/news/a/developers-prepare-for-uncertainty-look-to-prior-regulations-with-ai-act-coming-online

AI and Competitiveness: Shaping Europe’s Digital Future

By CIO / Blog / regulation, EU, AI

EU must create supportive AI regulations, address digital skills gaps, and ensure AI accessibility for all businesses to enhance competitiveness.

https://www.aboutamazon.eu/ai-and-competitiveness-shaping-europes-digital-future

GDPR: What We Already Know (and Don’t)

By CIO / Blog / GDPR

Literature review on GDPR examines consumer and corporate awareness and knowledge of the regulation, revealing contradictions in findings. It proposes two hypotheses: (1) consumers are aware and knowledgeable about GDPR; (2) consumers lack awareness of the regulator. The overview highlights various survey results showing mixed levels of awareness across EU countries and suggests further investigation into public understanding of GDPR and its impacts on privacy perceptions.

https://hackernoon.com/gdpr-what-we-already-know-and-dont

This Cybersecurity Expert Is Popularizing Cyber Hygiene

By CIO / Blog / cybersecurity

Cybersecurity expert Confidence Staveley aims to mainstream cyber hygiene and tackle sector inequalities. Founder of CyberSafe Foundation, she promotes women’s participation in cybersecurity and educates marginalized communities through programs like DigiGirls and CyberGirls, alongside initiatives targeting children and seniors. Staveley highlights the vulnerability of small businesses and advocates for government support in cybersecurity education. She emphasizes the importance of understanding psychological factors in cyberattacks, suggesting a holistic approach to education and awareness.

https://www.weforum.org/stories/2025/05/make-cybersecurity-accessible-equitable/

Why GDPR-Style Regulation Needs an Upgrade: Lessons From Around the World

By CIO / Blog / GDPR

GDPR-style regulations need updating as they hinder innovation and contribute to a fragmented digital economy. Current frameworks struggle with emerging technologies like AI and real-time data processing, resulting in complexities and ambiguous implications. The healthcare and financial sectors are notably affected, with outdated regulations causing data silos and stifled innovation. Recent fines illustrate the growing costs of compliance errors. Alternative models from countries like Estonia and UAE show possible paths forward. The EU is shifting focus toward competitiveness and innovation, urging organizations to actively engage in regulatory discussions and adapt to evolving guidelines.

https://accesspartnership.com/gdpr-upgrade-lessons-from-around-the-world/