What State CIOs Are Focused on in 2026: Key Takeaways from the NASCIO Midyear Conference

Key takeaways: AI governance, cybersecurity resilience, modernization ROI, and enterprise transformation emerged as dominant themes among state technology leaders. 

The National Association of State CIOs (NASCIO) 2026 midyear conference held recently in Philadelphia made one thing clear: state government technology leadership is entering a new phase. Artificial intelligence (AI) no longer is an emerging topic. Cybersecurity no longer is viewed as a standalone information technology (IT) issue. And state chief information officers (CIOs) no longer are being treated simply as infrastructure managers. Across various educational sessions and discussions, a new operating model for government technology leadership emerged — one centered on governance, measurable value, enterprise transformation, and public trust.

Takeaway 1: AI focus shifts from adoption to management

The biggest shift was the rise of artificial intelligence as the top priority for state CIOs. For the first time in NASCIO’s 20-year State CIO Top Ten priorities list, AI overtook cybersecurity as the top concern. But the discussion was not focused on experimentation or hype. State CIOs already are moving beyond the question of whether they should adopt this technology. Instead, they are asking about how to govern it responsibly, secure it properly, measure its value accurately, and deploy it in ways that maintain public confidence.

What stood out most was how broadly states are defining AI. The conversation now includes generative AI, agentic AI, machine learning, governance frameworks, workforce impacts, ethics, security, privacy, data quality, and operational readiness. This reflects a more mature market. Governments are beginning to recognize that AI is not simply a technology implementation challenge — it also is an enterprise governance challenge.

One of the most important developments discussed at NASCIO was the emergence of agentic AI. Unlike traditional generative AI tools that primarily create or summarize content, agentic AI systems are designed to take limited actions, manage workflows, and support multistep processes while remaining under human oversight. According to several subject-matter experts who spoke at the conference, many states already have responsible-use policies, AI inventories, and governance structures in place, and several states have begun deploying agentic AI capabilities into production environments.

This signals a significant evolution in public-sector AI adoption. The conversation is shifting from “AI that writes” to “AI that helps work happen.” Potential use cases discussed included workflow automation, compliance monitoring, employee onboarding, approval routing, citizen application processing, and backlog management. In public safety and justice environments, this evolution becomes even more impactful, with potential applications in incident triage, cybersecurity operations, records management, court modernization, and citizen service intake.  

Takeaway #2: Cybersecurity is still a very big deal

At the same time, cybersecurity remains deeply urgent — but the framing has changed. The NASCIO-Deloitte Cybersecurity Study revealed a substantial decline in confidence among chief information security officers (CISOs) at the state level. Far fewer cybersecurity leaders now believe their organizations are adequately protected from threats compared with just a few years ago. Confidence in the cybersecurity capabilities of local governments and public higher education institutions has also fallen sharply.

Importantly, cybersecurity discussions are becoming more interconnected with AI governance, enterprise risk management, and holistic state resilience. CISOs increasingly are involved in shaping AI policy and security strategy while simultaneously facing growing budgetary pressure and workforce constraints. This means cybersecurity is no longer being discussed only as a technical defense function. Instead, it is being treated as an enterprise-wide risk management discipline tied directly to operational continuity, governance, and public trust.

Takeaway: A greater emphasis on ROI is emerging

Another major theme emerging from the conference was the growing demand for measurable outcomes and proof of effectiveness. State and local governments are entering a more financially constrained environment. Federal funding uncertainty, the end of the American Rescue Plan Act (ARPA)-era spending, and rising modernization demands are forcing technology leaders to justify investments more rigorously. Conversations during NASCIO were centered on return on investment (ROI), operational efficiency, cost avoidance, risk reduction, and measurable public value.

This shift changes how technology projects must be positioned. Government leaders no longer are satisfied with broad modernization strategies or conceptual roadmaps. They want defensible business cases, measurable performance metrics, executive dashboards, and clear demonstrations of value. Leaders need to understand not only what should be modernized, but also how those investments will reduce costs, improve operations, strengthen resilience, and deliver better services to citizens.

Takeaway 4: The state CIO role is shifting

Perhaps the most significant strategic takeaway from the conference was the evolving role of the state CIOs. The conference consistently framed CIOs less as technology operators and more as enterprise change leaders. Today’s CIO is expected to manage secure and reliable operations while also guiding modernization, digital transformation, AI adoption, workforce evolution, and cross-agency governance.

This represents a profound shift in public-sector leadership expectations. State CIOs increasingly are being asked to help governors, agencies, and legislatures navigate complex organizational transformation — not simply oversee infrastructure procurement and implementation. Technology leadership is becoming inseparable from enterprise leadership.

Finally, privacy and accessibility emerged as essential components of enterprise governance rather than standalone compliance requirements. States increasingly are integrating privacy officers, accessibility leaders, procurement teams, cybersecurity professionals, and AI governance groups into broader enterprise decision-making structures. Modernization initiatives are now expected to demonstrate alignment with privacy protections, accessibility standards, security controls, procurement discipline, and public trust objectives from the beginning.

This kind of impact was on display throughout the Nevada Department of Motor Vehicle (DMV)’s modernization, which recently received NASCIO’s 2026 Champion Award. The initiative was cited for the DMV’s transformation of its legacy, in-person processes to a digital-first operating model. Today citizens can access the DMV’s services 24/7 via a web portal using all manner of connected devices. MCP is proud to be part of Nevada’s team, and we congratulate them on this remarkable achievement. We welcome the opportunity to help other public sector leaders bridge policy and execution, connect technology to business outcomes, and modernize in ways that earn public trust — let’s chat.