Across Europe, the Middle East and Africa (EMEA) digital business is at a crossroads: according to Gartner\u2019s 2019 CIO Agenda Survey, 35 percent of CIOs surveyed in EMEA are ready to roll their digital initiatives on a broader scale. That\u2019s 20 percent more CIOs who made the same claim last year. Gartner\u2019s annual global survey included 3,100 CIO participants in all major industries, including 921 respondents in 53 EMEA countries.\n\u201cEMEA CIOs are setting the example when it comes to harvesting the results of digital initiatives,\u201d says Andy Rowsell-Jones, a Gartner VP and Research Director. \u201c[Their] success at evolving endeavors to scale is higher in EMEA than among their CIO counterparts in North America, Latin America and Asia\/Pacific. In addition, to encourage the application of \u2018digital\u2019 at scale within their organization, 64 percent of EMEA CIOs fostered better collaboration with the business, and 46 percent reduced silos and internal complexity.\u201d\nHowever, creating or expanding digital business requires doing more. Cyber-security and risk management must also be reshaped. Mobile, cloud computing, social networking and the Internet of Things, as well increasing compliance regulations, are some of the factors driving the need for these corporate overhauls.\nNearly half of EMEA CIOs drive business transformation\nThe spread of digital business is compelling companies to revise their business models. In the survey, 47 percent of EMEA CIOs reported that their organizations have changed business models or are doing it. Obviously, as this process unfolds, the CIO role will be critical \u2013 and, indeed, the survey indicates that 58 percent of EMEA CIOs are leading the charge or are deeply immersed in the business model change in their organization.\nWithin the 39 percent of EMEA organizations that are re-doing their business model, a desire to react to consumer demands (for better customer service, for example) and a need to protect the firm\u2019s market reputation, are motivating the change. According to the survey, EMEA CIOs are trying to make it easier for customers to engage with their organizations (49 percent) and using digital means to lessen the cost of this engagement (46 percent).\nGame-changers in 2019: AI, data and analytics\nSince paving the way for more digital business is expected to remain top of mind for 29 percent of EMEA CIOs, investments in spending disruptive technologies will certainly rise. The three most-funded technology areas in 2019 will be familiar to anyone keeping tabs on digital enterprise trends: 44 percent of EMEA CIO survey respondents said they will direct most of their new spending to business intelligence\/data and analytics; 41 percent to cyber-security; and 37 percent to digital business initiatives (including marketing).\nComing in sixth in terms of new or increased spending was Artificial Intelligence (AI), which was also singled out at the technology area promising the biggest game-changing potential. Data and analytics, which historically has snagged the top spot, took second place in terms of new spending this year, with 23 percent of the EMEA respondents naming it as their top IT spending priority. But AI is grabbing most of the attention; the survey suggests that more and more organizations are using it in broader and more sophisticated ways. Voice interfaces and process optimization are among the top five technologies that EMEA CIOs have implemented or will deploy in the next year as AI steps into the spotlight.\nUnsurprisingly, in light of a myriad of security challenges and tightening regulations globally, cyber-security was ranked the top digital deployment technology in EMEA. CIO respondents increased their deployment of cyber-security year over year, with 86 percent having already deployed it or planning to do so in the next 12 months. This represents a 10-percent increase over last year\u2019s finding.\n\u201cThis year, EMEA CIOs are excelling at scaling their digital initiatives,\u201d says Mr. Rowsell-Jones. \u201cHowever, they face barriers, including insufficient resources (44 percent) and business culture blocking change (38 percent). To continue the positive momentum, it\u2019s paramount that EMEA CIOs build stronger relationships with business executives and promote the value of IT internally.\u201d\nClosing vulnerability gaps\nOrganizations can\u2019t put cyber-security on the back burner as they take advantage of digital technology\u2019s benefits. As today\u2019s firms jostle for position and fight to stay apace with the rapidly evolving digital universe, they tend to rely more and more on fragmented IT landscapes and third-party service providers. In the short term, these provide a certain amount of flexibility and nimbleness that may not be possible to reproduce in-house, but it can also increase operational and regulatory risk exposure.\nIt\u2019s not hard to understand why. When firms embrace cloud computing, web and mobile applications and other connected devices in the Internet of Things, their technology infrastructure necessarily becomes more complex and decentralized. The number of real and potential entry points into the organization increases and the consequences of outages \u2013 including crippled productivity, reduced revenue and damage to the organization\u2019s brand \u2013 similarly escalate.\nCompliance requirements are tightening\nCyber-attacks are part of the brave new world that almost every organization operates in today. Whether they replicate the recent breaches at Marriott, which leaked a stunning 500 million guest records, or at British Airways, which exposed hundreds of thousands of payment transactions, or the series of DDoS attacks that briefly took numerous Dutch banks offline earlier this year, these infiltrations can result in major monetary losses, reputational hits and potential compliance problems. As hazards continue to grow in number and cleverness and new technologies expose more and more parts of an organization to digital wrongdoers, every firm must expect that a security breach to come their way and take steps to prepare themselves for worst-case scenarios.\nData privacy is a constant worry, as new regulations and public scrutiny exposes organizations to hefty fines, sanctions and a loss of trust among the people they serve and partner with. The General Data Protection Regulation (GDPR) applies to all organizations that process and hold the personal data of any EU resident, no matter where they are located. For EMEA CIOs and others who must comply with GDPR, a data breach per se is not subject to punitive action, but \u201cevery unintended loss of (control over) personal data\u201d must be reported to the regulatory authority within 72 hours of detection. When a breach has a potential impact, the firm should notify the affected individuals, too. A follow-up investigation into the incident or a failure to notify victims might translate into a ruling of non-compliance and result in regulatory action. Thus, CIOs must take appropriate actions to prevent incidents in the first place and mitigate risks to safeguard the digital journey.