The CIO’s evolving priorities: What’s changed and what to expect in the future

Illustration showing a government building above a balance scale. One side holds icons for security and identity, the other for cloud and AI. Text reads: 'Top priorities for government CIOs in 2025.'
Laura Bauer

The CIO’s evolving priorities: What’s changed and what to expect in the future

Public sector CIOs face a complex and ever-changing landscape. Comparing NASCIO’s 2025 CIO priorities to the 2023 and 2024 lists reveals some interesting patterns and emerging trends. To explore those shifts in more depth, we chatted with IT leaders from the City of St. Louis about how they’re adapting to evolving technology, workforce limitations, and resident expectations.

If you missed the live session, you can watch the full webinar on demand here.

This recap highlights the top priorities for government CIOs, including cybersecurity, legacy modernization, digital accessibility, and the thoughtful use of AI. 

What are the top priorities for government CIOs in 2025?

The discussion centered on the NASCIO Top 10 Priorities for 2025 and how those priorities have shifted over the years. IT leaders from St. Louis provided real-world context for how cities are responding to emerging technology, risk, and rising resident expectations.

1. Cybersecurity and risk management are always top of mind

Cybersecurity remains the top concern, and for good reason. Dan Jones, Network Systems Manager, emphasized the ongoing threats that government agencies must guard against:

  • DDoS attacks are now daily occurrences, not rare events
  • Phishing and ransomware continue to target city systems and employees
  • Penetration testing is conducted regularly to identify vulnerabilities before bad actors do
  • Multifactor authentication (MFA) and identity access controls are being strengthened
  • User education and awareness campaigns help prevent social engineering attacks

Tech systems won’t ever be 100% secure, but you can get close, Jones acknowledged, but it’s the IT teams’ job to make it as hard as possible for attackers to get in.

2. Legacy system modernization is a continuing project

Amir Softic, IT Manager, described the city’s long-term efforts to replace mainframe-era systems with modern, cloud-based applications.

  • New systems focus on 24/7 availability, remote access, and resident self-service
  • Workforce attrition and limited hiring pools for legacy technologies underscore the urgency of modernization

“Legacy modernization should really be called legacy migration,” Softic said. “We’re not just updating — we’re replacing outdated platforms entirely.”

3. Accessibility and digital equity should be on everyone’s roadmap 

Accessibility includes serving residents with disabilities, people with limited tech literacy, or those who live in rural locations. And with more services moving online, ensuring inclusive access is no longer optional. 

Here’s how St. Louis is responding:

  • The city is expanding eBilling and self-service tax portals via PayIt to reach residents anytime, anywhere
  • Improved digital access correlates with higher revenue collection and greater resident satisfaction

Taxpayers want to see their bill as soon as it’s ready, which requires real-time access. Being able to view and pay bills immediately makes it easier for residents to self-serve, and it’s more efficient for the agency.

“The more accessible we are, the bigger the collection,” said Jones. 

4. AI adoption in government is increasing strategically 

Although most jurisdictions are taking a cautious, compliance-first approach to AI, that doesn’t mean implementation is behind. While mindful of security concerns, St. Louis has already incorporated AI tools: 

  • AI is used internally for logic checks, document summarization, and layman-level explanations of technical topics
  • The city is exploring tools for code generation and requirements gathering in modernization projects
  • AI use is centered around a strict adherence to data privacy laws 

How do CIOs prioritize projects?

When resources are limited, CIOs must make tradeoffs between staff, budget, and timelines. St. Louis leaders shared their prioritization framework:

  • Security first: Systems lacking cybersecurity controls get immediate attention
  • Impact-based selection: Projects that affect the most users or improve service delivery rise to the top
  • Compliance-driven deadlines: IRS audits, NIST standards, and PII regulations dictate certain investments
  • People and budget gaps: Even with surplus funds, unfilled roles can slow progress

“We ended 2024 with a $42M surplus, but nearly 30% of positions are unfilled. Sometimes you have the money but not the people,” said Softic.

Modernizing with purpose: Strategic tips from government IT leaders

If you’re a public sector CIO or IT leader, here are four lessons from the City of St. Louis that can inform your 2025 tech strategy:

  1. Cybersecurity is foundational: Build layers of protection, test frequently, and educate users
  2. Modernization must move forward: Legacy systems are a risk — migration is not optional anymore
  3. Accessibility boosts engagement: Digital services must serve all residents, not just the digitally fluent

AI should support, not replace, human decisions: Focus on logic, process improvement, and compliance

Looking for more content?

Get articles and insights from our monthly newsletter.

Subscribe

You might also like