Digital Transformation in CEE: three non-negotiable conditions to avoid being left behind

Talking about the economic future of Central and Eastern Europe today means talking about technology. But this isn’t about abstract visions; it’s about concrete money. A 2022 McKinsey report clearly shows that accelerating digitalization could add over €200 billion to our region’s GDP by 2030, pushing the value of the digital economy to €330 billion. This isn’t a forecast; it’s a battlefield for the customer and the market, where the ability to react quickly is paramount. The pandemic only accelerated the inevitable, forcing companies to open up to customers digitally at a pace no one expected.

However, behind these big numbers lies a harsh reality. It’s said that as many as 70% of transformation projects fail to deliver on their promises. From my perspective, the problem isn’t a lack of ambition. It lies in a fundamental misunderstanding of what technology means for business today. Many executives still see it as a series of isolated IT projects—a new app here, a cloud migration there. This thinking leads nowhere, because a real transformation is not technological makeup.

It’s a deep overhaul of how the entire company operates. Its success depends on three fundamental, non-negotiable pillars. First, you must have the courage to confront what you have “under the hood”—the paralyzing weight of old legacy systems. Second, security must stop being the brake pedal and become an integral part of the business offering. Third, and perhaps most importantly, management must stop being just a sponsor. It must become the architect of change. Ignoring any of these points is a straight path to failure.

Pillar 1: confronting the core: technical debt as a brake on innovation

Boardroom meetings are dominated by presentations about slick interfaces and perfect customer journeys. We want to build what’s new and impressive. But what’s the point if we’re building these shiny facades on shaky foundations? This is the reality for companies trying to apply “digital lipstick” to their legacy systems. This approach, where a modern front-end covers an old, monolithic core, is asking for trouble. It generates technical debt.

Technical debt is the silent killer of agility. It’s the cost of all the shortcuts, compromises, and postponed decisions. It’s not just messy code—it’s a complex web of old systems, processes, and dependencies that makes any change incredibly expensive and slow. You can’t react quickly to market needs when every modification requires months of analysis and testing.

And it costs. A lot. Market analyses show that technical debt can eat up to 40% of a company’s entire IT budget, not for development, but just to maintain the status quo. McKinsey estimates that 10-20% of the money that should go toward new products is quietly spent patching old holes. This is capital that is being wasted instead of driving the business forward.

For companies in our region, which have spent decades building their systems, this is a massive challenge. Today, they have to compete with players who started from scratch, without this baggage. That’s why a confrontation with the technological core is unavoidable.

I’m not advocating for a revolution and replacing everything at once—such projects rarely succeed. The solution is evolution. You have to start thinking about architecture in a component-based way. Build a flexible platform that allows you to gradually, module by module, cut off and replace old functions with new ones, often in the form of microservices. It’s a long road, but it’s the only one that lets you regain agility and the ability to deliver business value quickly.

Pillar 2: security as a foundation of trust, not a business blocker

For years, security departments were seen as the ones who always say “no.” That era is over. In an economy where everything is based on data and digital platforms, trust is the key currency. And security is the foundation of that trust. A customer or business partner must be certain that their data is safe.

The threat landscape has changed dramatically. We’re talking about hundreds of millions of attacks daily. The cost of a single successful breach is millions of dollars. It’s no surprise, then, that for over half of CEE managers, cybersecurity is now risk number one.

On top of this comes regulatory pressure. The NIS2 Directive is a revolution. Its scope is enormous, and its requirements are strict. But the key change it brings is the personal liability of management. The days of delegating the topic to IT are over. Now, the board must oversee, approve, and understand the cybersecurity strategy. The penalties for negligence are severe—not just financial, but also personal, including bans on holding managerial positions.

NIS2 must therefore be treated not as a burdensome obligation, but as a strategic opportunity. It’s a mandate to finally build a “security by design” culture in the company. Security must be built into every product, every service, and every process from the very beginning. Companies that understand this will not only comply with the law. They will build something much more valuable: resilience and a reputation as a solid partner. And today, that is a powerful competitive advantage.

Pillar 3: leadership: from sponsor to architect of change

Let’s say you’ve dealt with technical debt and built a security fortress. Does that guarantee success? Absolutely not. The ultimate factor is leadership. Those 70% of failed transformations are largely a story of leadership failure. A failure to communicate a vision and a failure of determination to guide the company through a difficult process of change.

We still see a big gap between declarations and actions in the region. Many companies claim to have a digital strategy, but when it comes down to it, it turns out to be just a collection of loose ideas. Management often takes on the role of a sponsor—they provide the money and wait for results.

That’s not enough. Today’s leader must be an architect. They must actively design the company’s future. What does this mean in practice?

First, they must be able to answer the “why.” The vision for the transformation must be clear, compelling, and linked to specific business goals. Everyone in the company needs to understand why we are doing all this.

Second, they must lead the cultural change. Technology is a tool. The hardest part is changing people’s habits. You need to build an organization that operates with agility, makes data-driven decisions, and isn’t afraid to experiment.

Third, they must relentlessly execute and demand accountability. You need mechanisms that measure the real value delivered by projects. You have to have the courage to quickly kill initiatives that don’t show promise.

And finally, leaders themselves must understand technology. The era of managing from a position of ignorance is gone for good. Regulations like NIS2 only confirm this. You have to be able to ask the right questions and guide your company in the digital world with full awareness.

Conclusion: it’s time to build

The digital future of our region is not a given. The enormous opportunity for growth and innovation is within reach, but we won’t seize it by simply buying more technology. It will be seized by those companies that do the fundamental work at the foundation.

This work rests on three pillars: a modern, flexible technological core, security built into the organization’s DNA, and a new model of engaged leadership. These elements are inextricably linked. A modern architecture is easier to secure. Strong security protects the value we build on digital platforms. And only wise and determined leadership can tie it all together into a coherent whole.

For the management of CEE companies, the task is clear. It’s time to stop with half-measures and looking at facades. You have to go down to the engine room and check the foundations. Building a truly digital, secure, and agile enterprise is the most important managerial challenge of our time. The time to start building is now.