ServiceNow and Accenture Go After the Legacy Risk Platform, and the CIO's Remit Keeps Growing

A new ServiceNow and Accenture offering targets the costly migration off legacy risk platforms, betting that autonomous, AI-driven risk operations are the next enterprise standard.

Published July 1, 2026

Two Giants Target the Same Bottleneck

ServiceNow and Accenture have unveiled a joint set of AI-powered services aimed at one of the least glamorous but most expensive problems in enterprise security: getting off aging risk and compliance platforms. The offering bundles integrated risk management, third-party risk management, and operational technology risk into services built on the ServiceNow AI Platform, layered with AI agents for proactive compliance. The headline component, though, is an Accenture-built migration solution designed to automate the move from legacy risk tooling onto ServiceNow itself.

The partnership is a bet that risk management is overdue for the same consolidation that swept IT service management a decade ago. Enterprises today juggle a patchwork of point tools for governance, vendor risk, and compliance, each with its own data model and blind spots. By combining ServiceNow's platform with Accenture's implementation muscle, the two companies are pitching a single, AI-driven fabric for enterprise risk. Whether customers buy the vision or not, the move signals where both firms think the growth is: not in new dashboards, but in ripping out and replacing the old ones.

Why Legacy Risk Platforms Are the Problem

The economics behind this launch are stark. The average cost of a data breach reached an all-time high of 10.22 million dollars per incident in 2025, up roughly nine percent year over year, and AI has compressed the window between a vulnerability being discovered and exploited from months down to mere hours. Legacy risk platforms, built for a slower, more manual era, simply cannot keep pace with that tempo. They generate findings that sit in queues while attackers move at machine speed.

That mismatch is exactly what the offering aims to attack. Accenture's global chief technology officer for cybersecurity, Rex Thexton, put it plainly, arguing that companies need more than isolated security tools; they need the ability to connect risk insights, automate decision-making, and respond at enterprise scale. The implicit critique of the status quo is sharp. When your defensive tooling operates on a human timeline and your adversaries operate on an automated one, incremental improvements are not enough. The pitch is that only a consolidated, AI-native platform can close that gap.

Agents Move From Dashboards to Decisions

The most consequential shift in this announcement is philosophical. The services include AI agents that monitor regulatory changes, automate responses, and manage vendor lifecycles, moving risk tooling from passive reporting toward active decision-making. Lou Fiorello, who leads security and risk products at ServiceNow, framed it as a change in kind rather than degree, arguing that the future of cybersecurity will be driven by autonomous operations powered by AI. That is a meaningful escalation from software that flags problems to software that acts on them.

We would temper the enthusiasm with a caution that any risk leader will recognize. Autonomy in security is a double-edged capability. An agent that can automatically remediate a misconfiguration can also automatically make a bad situation worse if its judgment is flawed or its context is incomplete. The value of moving from dashboards to decisions is real, but it raises the stakes on testing, guardrails, and human oversight. The organizations that benefit will be those that deploy autonomy deliberately, with clear boundaries, rather than those that switch it on and hope.

The Migration Play Is the Real Moat

Strip away the messaging and the migration tooling is the commercially clever part of this deal. The single biggest reason enterprises stay on legacy risk platforms is not loyalty; it is the cost, disruption, and sheer terror of migrating off them. By offering AI-powered migration that promises to reduce cost, minimize disruption, and accelerate time to value, Accenture and ServiceNow are directly targeting the switching-cost barrier that keeps incumbents entrenched. Whoever lowers that barrier gets to harvest the displacement.

This is where the partnership's logic clicks into place. ServiceNow supplies the destination platform and Accenture supplies the credibility and labor to get customers there safely. For enterprises, an automated migration path is genuinely attractive, because the alternative is a multi-year manual project with real operational risk. For competitors, it is a warning. The battle for enterprise risk management will not be won on features alone. It will be won by whoever makes leaving the old system feel safe, and this offering is built precisely to make that case.

McDermott's Bet on the Expanding CIO

ServiceNow chairman and chief executive Bill McDermott used the launch to restate a thesis he has been pressing all year: that the CIO's power is growing, not shrinking, in the agentic era. The biggest IT buyer in the enterprise was, is, and will continue to be the CIO, he argued, adding that this remit will substantially expand with the complexity of the agentic business. It is a self-serving claim from a vendor that sells to CIOs, but it is not wrong, and the trend lines support it.

As autonomous agents proliferate across security, operations, and customer functions, someone has to own the platform they run on, the data they touch, and the governance that keeps them in bounds. That someone is increasingly the CIO, whose scope now stretches from infrastructure into risk, compliance, and the orchestration of AI itself. McDermott's framing captures a real shift in the org chart. The question for technology leaders is whether they are resourced and empowered to actually carry the expanded remit, or whether they are simply being handed more accountability without more authority.

The Governance Caveat

For all its promise, this kind of consolidation carries a familiar risk that we would urge leaders not to gloss over. Centralizing risk management, migration, and autonomous response onto a single platform delivers coherence, but it also concentrates dependency. If the platform or the agents running on it fail, misjudge, or get compromised, the blast radius is the entire risk function rather than one tool among many. Modernization should not quietly trade a fragmented-but-resilient posture for a unified-but-brittle one.

The pragmatic path is to embrace the operational gains while insisting on the controls that make autonomy trustworthy: clear audit trails, tested rollback procedures, and human checkpoints on high-impact actions. This offering is a credible answer to genuinely painful problems, from breach costs to migration paralysis, and it deserves serious evaluation. But the same AI that makes risk operations faster can make mistakes faster too. The winners will be the enterprises that adopt this wave of agentic risk tooling with their eyes open, not the ones dazzled by the promise of a fully autonomous control room.
