Logo
Become a Client

Category: Uncategorized

The deadline for the transposition of the EU’s second Network and Information Systems Security directive (NIS 2) came and went in October 2024 with only a handful of member states having completed the task. As it became clear that this was not just a minor case of not submitting the paperwork on time, the European Commission (EC) swung into action, initiating infringement proceedings against 23 member states in November 2024, with those countries given until January 2025 to provide updates on their progress or demonstrate that they had achieved compliance. Only Belgium, Croatia, Italy, and Lithuania escaped the wrath of the Commission.

Changes

Through the first half of 2025 the picture gradually changed, although decisive numbers depend on the interpretation of what it means to be compliant. In May 2025, 19 member states were on the receiving end of another ultimatum from the EC. However, by July 2025, the list of countries that had enacted laws on the implementation of NIS 2 had swelled to 14 states, with Cyprus, Denmark, Finland, Greece, Hungary, Latvia, Malta, Romania, Slovakia, and Slovenia joining the first four countries noted above. Denmark, Finland, Hungary, Latvia, and Slovenia were the countries with the dubious honour of having transposed the directive but still making the EC’s naughty list. The nuance is that countries not only have to transpose the law, they also have to provide full notification of all applicable legislation to the Commission.

Note that EC saber-rattling is not confined to NIS 2: the Commission provides a monthly list of its infringement decisions and recent iterations have included calls around energy legislation, emissions trading, corporate sustainability reporting, and more.

It’s also worth looking at why some of the non-compliant states have not made the required progress. In several cases, the countries in question have gone through changes in government, often multiple times. In Portugal, the government has toppled three times in three years, most recently in March 2025. Germany’s elections in February 2025 meant that all pending legislation either had to be reintroduced or was put on hold. The collapse of the Dutch government at the beginning of June 2025 further set back a process that was already behind schedule.

Legislative processes are complex and any disruption can lead to delays both initially and then further down their carefully calibrated calendars.

Under pressure

What does this mean for all the organizations covered – or likely to be covered – by the Directive? How should a company with operations in 10 EU member states, for example, build its compliance strategy and roadmap if 5 of those member states have transposed the Directive and 5 have not? The legislation is already extensive and complex enough without such additional uncertainty layered on top.

Uncertainty impacts organizational planning. According to IDC’s 2025 EMEA Security Technologies and Strategies Survey, almost two-thirds of organizations covered directly by the legislation had not yet started compliance work, as of spring 2025. Allocation of dedicated funding is difficult under these circumstances, with 82% of organizations saying they had not seen any change in their security budget to address NIS 2 requirements. That does not mean no funding is available – but when the directive comes into force in their relevant markets, it may require reallocation of existing funds from other initiatives.

Of course, there are measures that can be taken that do not require technology investments, with 19% of organizations saying they have updated their security policies and processes in relation to NIS 2 requirements. Still, that is less than 1 in 5.

Up the hill backwards

Delays in transposition of the legislation may lead some organizations to consider that time is on their side and there is little need to press ahead with preparations for compliance. Until a European law has come into force, there is no legal basis to enforce compliance. Nevertheless, there are legal principles that caution against taking this approach.

The so-called doctrine of effectiveness principle created by the European Court of Justice in relation to EU laws puts obligations on EU member states to act in certain circumstances. It may seem like there is little incentive to pursue such cases but bear in mind that NIS 2 aims to build cyber resilience in critical and important entities, in the face of ever-increasing cyberattacks. So, when a major cyber incident disrupts operational capability in a critical vertical, after the initial impact has been contained and services restored, investigations and audits will follow. In that situation, there is no guarantee that the principle of effectiveness will not be invoked, if it is deemed that an in-scope organization failed to take appropriate measures to manage the risk.

Most member states have set up registration mechanisms through which in-scope organizations have to provide certain information such as designated personnel, contact details, IP ranges, and more. The designated authorities in each member state are required to compile those lists of critical and important entities and share the number of entities, along with the sector and subsector breakdown, with the EC and the NIS 2 Cooperation Group. These coordinated actions serve a broader function of enabling the EU’s supranational cybersecurity operational bodies to track and address major incidents that may transcend national borders and lead to impacts spreading across sectors and countries. Consequently, even in member states that have not completed transposition it is crucial that in-scope entities fulfill the registration requirements for their organization.

The area of incident response also bears scrutiny. Article 23 of the NIS 2 directive details incident reporting obligations, which include an initial alert that must be made within 24 hours of becoming aware of the incident, full notification within 72 hours, and a final, detailed report within one month. Even before full transposition, member states themselves are required to run Computer Security Incident Response Teams (CSIRTs) that are obliged to support in-scope entities in case of an incident. Subject to the findings of those cases, compliance demands could be applied retroactively or specific requirements imposed with compressed deadlines to address key issues.

It’s no game

Despite delays in transposing the legislation, the NIS 2 directive is moving inexorably towards being enforced across the EU and even beyond, when we take into account international companies with operations in EU member states or companies that are suppliers to in-scope organizations. According to IDC’s survey, 41.1% of organizations said that despite not being in-scope for NIS 2, they are still facing compliance requests from some of their partners that are covered by the directive. Individual countries continue to make progress: in Finland the legislation came into force on April 8th 2025; in Slovenia on 19th June; and in Denmark and Estonia on July 1st. Cyber incidents and the risk of extended legal actions make a very strong case for all in-scope entities to prioritize achieving NIS 2 compliance. And even if the auditors aren’t watching you – maybe the cybercriminals are.

To learn more about how European organizations are preparing for NIS 2 compliance, visit IDC’s European Security Technologies and Strategies page. If you have a specific query about NIS 2, drop it in this form.

Mark will be speaking at IDC’s CISO Xchange, which takes place 9-11 November in Marbella, Spain.

Mark Child - Associate Research Director, European Security - IDC

Analyst Profile
Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

Discover strategies to quantify ROI, build buyer confidence, and drive growth in a competitive tech market.

In today’s technology landscape, having an innovative product is just the starting point. What truly sets successful tech vendors apart is their ability to demonstrate clear, measurable business value and return on investment (ROI) to their customers. This shift is driven by evolving buyer expectations, economic pressures, and the need for technology investments to deliver tangible outcomes aligned with broader business goals.

Why ROI and business value matter more than ever

The market environment has transformed significantly in recent years. Economic uncertainties and tighter IT budgets mean that decision-makers—from CFOs to CIOs—are monitoring investments with higher levels of scrutiny. Digital transformation must prove its worth through quantifiable results.

Three key forces are shaping this new reality:

  • Economic pressure: Organizations must justify every expenditure, making financial accountability paramount.
  • Rapid technological change: Businesses need to adopt solutions that not only innovate but provide competitive advantages.
  • Increased accountability: IT leaders are under growing pressure to demonstrate measurable impact to stakeholders.

In this context, ROI has become the deciding factor for investment decisions. It translates technology benefits into financial terms, aligns technology initiatives with strategic business objectives, and reduces risks by offering assurance through proven value.

Moving beyond features: how to prove business value

Tech buyers today demand more than product specs—they want evidence of how a solution will improve their operations, reduce costs, or increase revenue. To meet this demand, vendors must embrace a comprehensive, data-driven approach to showcase business value:

  • Use data-backed documentation: Whitepapers, case studies, and analyst reports grounded in credible research help tell a compelling story.
  • Offer tailored financial models: Interactive ROI calculators and TCO analyses customized to specific client scenarios provide clarity and confidence.
  • Highlight operational KPIs: Metrics like productivity gains, time savings, and efficiency improvements resonate alongside financial data.
  • Leverage customer insights: Real-world success stories and testimonials add authenticity and build trust.

A holistic approach to business value

Demonstrating business value requires more than just numbers—it demands a strategic, customer-centric mindset:

  • Validate with industry research: Third-party validation from trusted sources enhances credibility and trust.
  • Tailor to customer needs: Align your messaging with the unique challenges and goals of each prospect.
  • Present a multifaceted value proposition: Beyond cost savings, emphasize strategic benefits such as improved agility, innovation enablement, and enhanced customer experience.

Why IDC Is your ideal partner for business value success

At IDC, we specialize in supporting tech vendors quantify and communicate the real-world impact of their solutions. Our Business Value services combine rigorous research, tailored financial analysis, and compelling storytelling to empower your sales and marketing teams. We provide:

  • Detailed ROI and TCO models that resonate with CFOs and finance teams.
  • Strategic presentations and case studies that speak to CIOs and IT decision-makers.
  • Training and tools to equip your sales force to confidently address objections and demonstrate value.

By partnering with IDC, you gain access to trusted expertise and proven methodologies that accelerate buyer journeys, reduce sales cycles, and ultimately drive revenue growth.

Final thoughts

In a market where every investment must have a return, demonstrating ROI and business value is essential. Tech vendors who can clearly articulate the economic and operational benefits of their solutions will not only win more deals but build lasting partnerships grounded in trust and measurable success.

Are you ready to unlock the full potential of your technology offerings by proving their true business value? Connect with us to learn how IDC can help you transform your sales approach and drive impactful results.

Lynn-Kristin Thorenz - Associate Vice President, Research & Consulting - IDC

Analyst Profile
Lynn-Kristin Thorenz is Associate Vice President, Research & Consulting. In her role, Lynn manages IDC’s consulting and research business in Germany and Switzerland and is responsible for the successful delivery of IDC’s local portfolio which includes standard research products, Go-to-Market Solutions and individual client projects. She works closely with IDC's clients to understand their specific needs and requirements and to tailor solutions which support their business objectives. Lynn is also responsible for the strategic development of the complete range of IDC's local research and consulting activities around Digital Transformation and IDC’s 3rd Platform Technologies.

Direct to satellite communications won’t be a big money spinner straight off

Smartphone to satellite direct communications becomes a commercial service in the US on 23rd July with the launch of the ‘T-Satellite’ service on T-Mobile via SpaceX Starlink.

It is both a technological achievement and rather an underwhelming event following the hype that has gone into the subject over the last two years.

D2D is not going to meet some of the overheated expectations of the space industry as its next great white hope.

It will not produce billions of new short term revenues.

What it will do to begin with is provide a very useful emergency and texting service. More will come later.

Route one – need new phones

D2D has already evolved a long way over a short time.

As it started off, it was a deal between phone makers and existing satellite operators, notably the fist-generation LEO systems Iridium and Globalstar.

With new chips in smartphones which could work on these operators’ frequencies, D2D service could commence, and a couple of years ago the big smartphone chipmakers began to look into tieups to make this work.

This was a buzz theme at Mobile World Congress in 2023.

Qualcomm had just signed up to work on D2D with Iridium, and Samsung and Mediatek were also looking at deals with smartphone makers.

Only one of those deals stuck – Apple and Globalstar.

That deal, in which all iPhones produced from the 14 series onwards work on Globalstar frequencies as well as the usual cellular ones, has subsequently been enlarged and Apple is now the primary backer of the next generation of Globalstar satellites.

The Apple service at the moment is free. The other putative tieups however came to nothing because monetising service via this route would have been very complex.

Route two – needing new satellites

Instead D2D is moving emphatically towards service via a second option using terrestrial cellular operator frequency.

In theory, this means that all phones should be able to use the service – a TAM of seven billion or so of phones.

Because of that, it was always the most logical way forward, but it did imply that investment needed to be made in new satellites which could work on those cellular frequencies.

Starlink had the inside track for this because it could adapt satellites it already planned to launch.

This move made the business model much more simple: service would be sold by the mobile operator and the satellite system would be like tower cellular infrastructure.

A question of politics as well as investment

Starlink however means the divisive figure of Elon Musk and there has been a lot of reticence in the telecoms industry to the emerging D2D industry being dominated by a satellite system he controls.

This reticence has helped American rivals AST SpaceMobile and Lynk Global find backing. Both are startups and ambitious and needs lots of capital. AST in particular looks set to find the resources to launch a global system of broadband D2D capable of much more than emergency messaging. It has found backing from T-Mobile’s US mobile industry rivals AT&T and Verizon, and Google among others.

Vodafone has done a joint venture deal with AST SpaceMobile to run service in Europe.

The move to cellular operator frequency moves the D2D business squarely into the mobile operators’ court.

Service can only work through them.

Unsurprisingly they want to integrate D2D service into their existing tariff offerings.

At present users are restricted to low rate messaging and testing on Starlink so far has shown that only some smartphones work well on the service.

However technology is moving fast. AST is aiming at broadband communications, and Vodafone aims to have its JV service up and running in Europe in 2026.

More in the works

Meanwhile SpaceX, ever ambitious and trying to push the boundaries, wants to orbit some of its forthcoming satellites closer to the Earth. It also wants to increase their power output. That would bring its D2D performance to rival that of AST. And Starlink launches frequently and can put capacity into space more quickly.

The latest and forthcoming work of standards body 3GPP will improve the reception and signal performance with satellites of new smartphone chipsets. Further out D2D may spread out into further services such as vehicle communications.

So while the first steps in D2D have been smaller than the technology’s first boosters claimed, longer term it has substantial potential. Hence the big mobile players have made or are considering substantial investments which go well beyond the payback from messaging service.

Already though the launch of emergency satellite messaging is a major technological milestone in global communications.

Getting the small antenna on a smartphone to communicate with a satellite moving across the skey hundreds of kilometres above it sounds a long shot, and it is.

To paraphrase the first man on the moon, Neil Armstrong, one small step for the telecoms industry, but one great leap for mankind.

Learn more today with IDC

Simon Baker - Senior Research Director - IDC

Analyst Profile
Simon Baker is responsible for mobile phone research across Europe. He also supervises this research in the Middle East and Africa. He provides detailed insight on a wide range of IDC clients, both at a regional level and globally, drawing from his extensive experience of the industry's evolution over the last two decades across developed and emerging markets. As a coordinator of IDC's global mobile phone forecasting team, especially on 5G technologies, Simon is a regular commentator on worldwide developments in the mobile industry through the IDC EMEA blog and through other articles in media such as FierceTelecom. Simon has been quoted in numerous media outlets including Bloomberg, Forbes and the South China Morning Post, and appeared on Bloomberg Television.

At the 2025 NATO Summit in The Hague a few weeks ago, member states pledged to allocate 5% of their annual GDP to core defense requirements and defense- and security-related expenditures by 2035. This represents a significant departure from the alliance’s longstanding 2% benchmark, particularly given that the current average defense spending among NATO members only marginally meets the 2% target.

European nations constitute the majority of NATO’s members. And since the onset of Russia’s invasion of Ukraine, several Eastern European countries—such as Poland—have substantially increased their defense budgets. Nevertheless, many European allies remain below the alliance average, rendering the new 5% objective highly ambitious. The United States continues to lead in defense investment, with expenditures approaching $1 trillion in 2024— double the combined defense spending of Europe and Canada — and has been an advocate for heightened commitments among NATO.

The new target of 5% of GDP is structured to address both immediate military needs and broader security challenges, with an ideal split of spending among 2 categories:

3.5% of GDP: core defense requirements

  • Purpose: This portion is dedicated to traditional military expenditures.
  • Coverage: Includes funding for active personnel, acquisition and maintenance of weapons systems, military equipment, R&D, and operational readiness.

1.5% of GDP: defense and security-related investments

  • Purpose: This segment is allocated to areas that support and enhance national and alliance security beyond conventional military assets.
  • Coverage: Encompasses investments in critical infrastructure (such as energy grids, transportation networks, and communication systems), network defense, and resilience against hybrid threats.

Direct ICT Spending Impact

Core defense Spending: A larger budget is expected to drive more funding for defense organizations and spark a ripple effect in ICT spending. According to IDC Worldwide ICT Spending Guide Enterprise and SMB by Industry, aerospace and defense ICT investments in Europe will top $11 billion in 2025—about 1% of the region’s total ICT expenditure.

Military modernization efforts are focused on upgrading command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems, strengthening cyber defenses, integrating artificial intelligence for battlefield operations, and enhancing encryption to secure communications and protect against cyber threats. However, this category will likely represent only a small portion of the overall 3.5% GDP allocation to core defense requirements.

Assuming the 3.5% target equates to approximately $665 billion, it is expected that initially less than $20 billion will be directed towards digital modernization and related technologies. This restrained allocation stems from several pressing priorities:

  • Many NATO members must rearm and modernize legacy military equipment, much of which is outdated or exceeded its operational life.
  • There is an urgent need to rebuild naval fleets and replenish armament supplies, particularly after significant stocks were transferred in support of Ukraine.
  • Substantial investment in unmanned aerial systems (drones), which are increasingly central to modern warfare, will also consume a major share of the available resources.

Therefore, while digital modernization is strategically important, the immediate proportion of defense spending dedicated to these initiatives will be modest in comparison to the broader requirements of re-equipping and reinforcing conventional military forces. Over time, this share may increase as foundational rearmament needs are addressed and digital technologies become further integrated into military operations.

Indirect ICT spending impact

Defense and security-related investments: Efforts are focused on securing critical infrastructure from both cyber and physical threats, enhancing national and international cybersecurity through advanced tools, investing in IoT and digital twin technologies for real-time monitoring, and promoting post-quantum cryptography and secure digital identities. However, the most significant portion of spending in this area will be dedicated to fundamental cybersecurity measures and the development of sovereign data and cloud capabilities. Much of this investment will address foundational requirements, such as fortifying existing networks, implementing robust data protection protocols, and ensuring compliance with national security standards.

While initiatives involving emerging technologies—such as post-quantum cryptography—are important for long-term resilience, these areas are likely to attract only limited funding initially. The focus will remain predominantly on basic cybersecurity infrastructure and sovereign data management until Europe further develops a robust innovation base in the defense technology sector. Heavy investment in more advanced and experimental digital solutions will depend on the establishment of this foundation and the maturation of European defense-driven technological ecosystems.

Induced ICT spending impact

This growth will create new opportunities for core defense solutions and benefit related industries, fueling wider momentum in the Defense Ecosystem. This momentum has therefore set off significant induced ICT spending, especially among major European defense contractors. As these companies prepare to deliver more advanced and diverse products and services, the demand for innovative IT solutions and digital transformation initiatives has surged. This effect spans not only traditional leaders such as Leonardo, Dassault, and Rheinmetall, but also extends to BAE Systems, SAAB, Indra, Thales, and Airbus, among others.

The current environment provides a strong opportunity for the European defense industry to enhance its position in the global market. By accelerating investments in areas such as digital platforms, cybersecurity, cloud infrastructure, and advanced analytics, the sector can differentiate itself while building greater resilience and competitive strength. Examples of current IT and digital transformation-related initiatives include:

  • Development of secure, sovereign cloud platforms for defense applications and data management.
  • Deployment of AI-driven command and control systems to improve operational decision-making and mission effectiveness.
  • Launch of pan-European projects to promote interoperability, digital sovereignty, and cybersecurity across defense networks, often supported by the European Defence Fund and broader EU digital policy frameworks.

These initiatives foster a more interconnected and technologically advanced defense ecosystem, ensuring that European contractors can respond to evolving demands and capture new growth opportunities in a global context

NATO’s new 5% GDP spending target signals a major shift for Europe’s defense sector, promising record investment in military capabilities and key enabling technologies by 2035. However, long-term commitment is uncertain, as future governments may redefine priorities.

This shift opens the door for technology providers—whether established contractors or innovative startups—to play an essential role in shaping the continent’s security future.

For technology providers, the key imperatives are clear:

  • Make the defense market a top priority. With traditional defense budgets swelling and new funding streams available, tech vendors – especially those historically focused on enterprise or civil solutions – should prioritize defense within their broader industry strategies. Consider how your technology – especially AI-driven solutions for logistics, scheduling, or intelligent automation – could be adapted for military use. With rising defense investment and a growing need for innovation, now is the time to explore how your products can address emerging defense challenges and open new markets.
  • Embrace broader collaboration: Leverage increased funding and European Union support for joint ventures and R&D initiatives to accelerate adoption and scale innovation across national boundaries.
  • Drive dual-use innovation: Develop technologies that bridge defense and civilian markets, maximizing addressable opportunity while supporting national security objectives. In doing so, it is essential also to consider the spillover effects beyond pure core defense spending in adjacent sectors.

The path forward demands agility, innovation, and collaboration, but the rewards – in terms of both market opportunity and societal impact – are substantial.

To learn more about how ongoing geopolitical dynamics are shaping IT spending strategies, visit IDC’s Digital Economy Strategies page.

Lapo Fioretti - Senior Research Analyst - IDC

Analyst Profile
Lapo Fioretti is a Senior Research analyst in IDC Digital Business Research Group, leading the European Emerging Technologies Strategies research. In his role, he advises ICT players on how European organizations leverage new technologies to create business value and achieve growth and analyzes the development and impact of emerging trends on the markets. Fioretti also co-leads the IDC Worldwide MacroTech Research program, focused on the intertwined connection between the Economical and Digital worlds - analyzing the impact key MacroEconomic factors have on the digital landscape and viceversa, how technologies are impacting economies around the world.

Over the past decade, I’ve watched healthcare providers invest in electronic health records (EHRs), revenue cycle management (RCM), and a broad range of health IT solution areas spanning clinical, operational, and administrative functions. Yet, one issue continues to drain resources and morale like no other: prior authorization, also known as “prior auth.” Despite being intended to ensure appropriate care and control costs, in my analysis, prior auth costs the U.S. healthcare system at least $41.4 billion to $55.8 billion annually, at least, depending on how you model and factor in labor costs, delays, and the downstream clinical impact. What is even more bothersome is that prior auth isn’t just an operational inefficiency but a symptom of a deeper failure to prioritize system redesign over entrenched inefficiencies, temporary workarounds, and conflicting incentives.

Why Prior Auth Won’t Fix Itself

What I’ve come to believe, contrary to prevailing narratives, is that the prior auth crisis is not a failure of process or technology, but people and mindset. For years, U.S. healthcare leaders, particularly within provider organizations, have largely abdicated meaningful engagement with system redesign or resistance to imposing external forces. Instead, they’ve defaulted to compliance despite any dysfunction, relying on short-term patches, manual workarounds, and narrowly scoped initiatives to ensure payment. Most efforts have been reactive, designed to navigate and endure the complexity than challenge it.

Survey data from the American Medical Association (AMA) paints a stark picture. Physicians and their teams spend 13 hours a week handling an average of 39 prior authorizations per doctor, so burdensome that 40% of practices have staff solely dedicated to it. Nearly 9 in 10 physicians report it drives burnout and inflates healthcare utilization. Even more troubling, 94% say prior auth harms clinical outcomes, 93% say it causes care delays, 82% report it leads to treatment abandonment, and 29% cite serious adverse events as a direct result.[1]

Underneath any cultural resignation is the sense that such administrative complexity is “simply healthcare,” and the sheer magnitude of it is “how U.S. healthcare works.” This has shaped decades of efforts and investments that have further baked such dysfunction into the very DNA of the system. By not challenging and, in turn, reengineering prior auth from the ground up, it was standardized. The problem has not only hardened but has also been operationalized and institutionalized, resulting in such friction and colossal costs.

The problem with prior auth isn’t that it’s only expensive to do, but also that it’s resistant to change. Unlike RCM, which has evolved over the years toward better end-to-end, front-loaded models that begin well before the claim is filed or the patient is even seen, prior auth too often gets triggered late in the care episode, after key decisions have been made. It’s still mostly payer-facing and payer-driven in the continuum of care, with misaligned, frequently conflicting incentives and inconsistent criteria across the board, except in the case of “payviders” or integrated delivery networks, where the divide is less pronounced and may promote rather than block collaboration despite it needing to be more in the patient’s or member’s interest than the system for true value-based care delivery.

U.S. healthcare providers have repeatedly mistaken digitization for modernization. Converting paper into PDFs instead of structured data, automating outdated steps, or adding a portal to a broken process. These were not transformative moves. At best, they converted paper files into EHRs or manual billing into RCM, without questioning the process design behind them. Does it drive approval any faster? Does it reduce burden or improve care quality and experiences? Rarely. Even traditional automation tools, like RPA, while helpful for repetitive administrative tasks, were never built to handle unstructured data or the dynamic, exception-heavy nature of prior authorization workflows. These tools, in essence, served more as digital band-aids over deep systemic wounds, not solutions.

Market Signals Tell Us to Move On

According to IDC survey data, 52.5% of U.S. healthcare providers are now adopting composable IT architectures to drive electronic prior auth (ePA), moving toward modular, plug-and-play systems designed for agility and continuous evolution. Meanwhile, only 6.6% remain dependent on rigid, custom-built platforms. The message is clear: the market is shifting toward flexibility, interoperability, and intelligent orchestration.

I won’t go so far as to say the tide is turning, but signals are getting louder. Across the board, I’m seeing more healthcare leaders on both the technology buyer and supplier sides acknowledging that traditional automation has reached its limits. The complexity of an area like prior auth demands something more adaptive, scalable, and intelligent.

Enter agentic AI, not just as another layer of automation, but a new class of automation. Where agents shine is that they can bridge the gap between automation with intelligence, autonomy, and context awareness, working not just faster, but smarter. As opposed to traditional rule-based systems or narrowly trained models, agentic AI can adapt, interpret, and learn on the fly. This is a significant leap from simply executing pre-coded functions.

What sets agents further apart is their ability to perform zero-shot reasoning, as well as their capability to handle new inputs or scenarios that haven’t been trained on by leveraging generalized knowledge across domains. This adaptability reassures healthcare leaders that agentic AI can function even in the face of edge cases, real-time policy updates, and unstructured clinical complexity, making it particularly well-suited for prior auth, where variability is the norm, not the exception.

Rather than following static rulesets or requiring periodic retraining, agentic AI can:

  • Interpret unstructured data by leveraging NLP and LLMs to extract relevant information from free-text sources such as physician notes, discharge summaries, radiology reports, and lab results. This enables the system to understand the clinical rationale behind a treatment or diagnostic order, allowing for more accurate and context-aware authorization decisions without requiring structured, template-based documentation.
  • Adapt dynamically to evolving payer rules, rather than relying on static rule engines or periodic manual updates. Agentic AI can ingest real-time payer policy feeds, API-accessible rule libraries, or even scrape payer portals (when necessary) to automatically apply the most current criteria. This eliminates the lag between policy changes and system response, reducing unnecessary denials caused by outdated logic and helping ensure compliance is maintained proactively.
  • Execute complex, multi-system workflows autonomously by orchestrating interactions across tech stacks and layers, be it EHRs, eligibility verification systems, third-party prior auth platforms, and payer endpoints. It can initiate requests, validate documentation, follow up on pending statuses, and escalate exceptions without manual handoffs. This end-to-end orchestration eliminates redundant clicks, fragmented touchpoints, and disconnected workflows that slow the process.
  • Continuously learn and optimize performance with built-in feedback loops. Agentic AI can analyze the outcomes of approvals, denials, resubmissions, and appeals, and use that data to fine-tune logic over time. This continuous optimization instills confidence in healthcare leaders that the loops can enhance prior auth quality, increase first-pass rates, and minimize administrative rework, leading to improved financial and operational outcomes.

The silver lining is that this isn’t a vision but is already happening.

What This Means for U.S. Healthcare Providers

For CIOs:

  • A scalable, modular approach to intelligent automation that aligns with existing IT investments.
  • Rather than costly rip-and-replace initiatives, agentic solutions can integrate more seamlessly (e.g., into EHRs, practice management, and RCM systems) via APIs, FHIR interfaces, and event-driven architectures.
  • Agents can be further embedded within existing workflows or operate as orchestration layers on top of legacy infrastructure.
  • Composability, interoperability, and accelerated ROI that support modernization without disruption, delivering improved speed, flexibility, and clinical alignment.

For CMIOs/CNIOs:

  • Clinically intelligent automation that complements rather than complicates workflows.
  • Agents can interpret free-text notes, align with evidence-based care protocols, and apply payer-specific criteria without forcing changes in behavior, helping to reduce ‘death by a thousand clicks’ and ‘unlimited mouse miles’ while still supporting contextual decision-making, improving accuracy and timeliness of authorization workflows without burden.
  • Preservation of clinician experience while improving patient experiences and outcomes.

For RCM Leaders:

  • Immediate and measurable value by dynamically aligning clinical submissions with payer policies in real time, shortening authorization turnaround times through intelligent workflow automation, and improving clean claim rates by ensuring complete and compliant documentation at the point of capture.
  • Real-time visibility into authorization status, exception handling, and appeal triggers, empowering billing teams to work smarter, not harder, and to optimize reimbursement without unnecessary overhead.

Beyond these roles, the greater opportunity lies in agentic AI laying the groundwork for intelligent automation across the board, thereby elevating healthcare provider workflows and operations to be more adaptive, resilient, and scalable altogether.

A Final Thought: Don’t Automate Dysfunction

I’ll close with this: stop framing prior auth as solely a technical or workflow issue when it’s not. It’s more of a systemic and cultural issue and distinctly related to U.S. healthcare, reflecting how the experience has been deprioritized in favor of bureaucracy. If AI gets layered on top of that without redesigning the underlying processes, then it will just be scaling dysfunction and be largely counterproductive. This is not to say agentic AI is a silver bullet, no, but it offers a way forward, one that can help automate and distribute intelligence rather than dysfunction. The question isn’t whether we should adopt it, but how quickly, responsibly, and effectively we can do so. If prior auth remains a sinkhole for U.S. healthcare in five to ten years, it won’t be due to a lack of innovation or tools, but rather a lack of leadership, imagination, and willpower.

If you are a client or subscribe to our research, access the full report here: From Administrative Drain to Clinical Gain: The Case for Agentic AI in Prior Authorization for Healthcare Providers. To become a client or learn more about our research, please visit idc.com.

[1] Prior Authorization (PA) Physician Survey 2024 | AMA. Available at: https://www.ama-assn.org/system/files/prior-authorization-survey.pdf (Accessed: 17 July 2025).

Mutaz Shegewi - Sr. Research Director - IDC

Analyst Profile
Mutaz Shegewi leads the provider research practice at IDC Health Insights covering topics of most relevance to healthcare provider organizations looking to digitally transform and become more digitally native than their competition. Mutaz advises the executive, clinical, and technical leadership of the world's foremost health information technology supplier and buyer organizations by producing data-driven research and thought-leadership insights that help to navigate strategic challenges in health information technology and transform complexity to clarity in decision-making that would decrease costs, enhance quality, optimize access, improve patient safety, and champion patient experience. Mutaz is passionate about strengthening healthcare systems through the dynamic interrelations between technology, patients, and providers by combining industry, professional, academic, technical and global expertise in healthcare, policy, business, management, research, consulting, and medicine.

The smart glasses market has been growing rapidly in the last couple of years, mostly led by the second generation of Meta Ray-Ban glasses that have come onto the market and taken consumers by storm. Interestingly, the first generation of Meta’s smart glasses, the Ray-Ban Stories released in 2021, fizzled not really capturing the consumers’ interest and underwhelming in terms of sales. In comparison, the second generation did more than 900k sales in just the fourth quarter of 2024, and holds over 65% global market share. We have also seen devices from major brands like Google with Google Glass and Bose with Bose Frames, which have failed to take hold and have both been discontinued. So why the current growth?

The Tech Behind the Specs

Well, part of the answer is clearly improving technology, this means the glasses can be relatively light whilst cramming in more features. Meta Ray-Bans second-generation Wayfarers weigh around 50 grams, which is only 5 grams heavier than the 45-gram non-smart Ray-Ban Wayfarers. At the same time, the glasses manage to pack in a 12-megapixel ultrawide camera, open-ear speakers on each arm of the glasses, five microphones, 32 GB of internal storage, the ability to connect via Bluetooth and Wi-Fi, and batteries capable of powering the glasses for up to 4 hours of use. Not too bad for an additional 5 grams. This impressive bundle of features rolled up in such a small and unobtrusive form factor means that consumers are now viewing  smart glasses as a legitimate technology product with significant real world use cases.

The last couple of years have also seen rapid advances in Artificial Intelligence, which, when integrated into smart glasses, gives them far more functionality than just a pair of bulky glasses that have a camera and speakers bolted to them. These new AI features let users access information and interact with the world in real time, for example using the built-in cameras first person viewpoint to seamlessly identify landmarks by asking “What’s that building in front of me?”. Or allowing the user to spontaneously ask questions, just as they would with a search engine on a smartphone, but without the hassle of getting the phone out of their pocket and typing out the question, then trolling through results. This elevates the glasses from a nice-to-have gimmick into a useful tool for everyday life. There is clearly still a long way to go though; the AI features are still relatively primitive, and it’s doubtful that most people will be eager to randomly start asking AI questions out loud in public, given people’s desire for privacy.

There are also interesting technological developments in the use of smart glasses as discreet hearing aids, with many people suffering from partial hearing loss being reticent to wear traditional hearing aids, due to the attached stigma and the implied acceptance of one’s age. This is a sizable and growing market with The World Health Organisation (WHO) estimating roughly 20% of the worlds population has some degree of hearing loss, this translates to over 1.5 Billion people. EssilorLuxottica has recently released it’s Nuance Audio smart glasses that have built-in microphones that pick up sounds the glasses are pointed at and then amplify them through built in speakers in the arms of the glasses. The idea being a partially deaf individual wearing the glasses in a somewhat noisy environment, like that found in a popular bar on a Friday night, can more easily hear a person they are trying to hold a conversation with. Transcribeglass has taken a slightly different approach to the same problem. Their smart glasses also use microphones to pick up conversations in the glasses field of view, but then the conversations are transcribed in writing onto the glass in front of the wearers eye. Allowing the hearing impaired individual to read conversations like subtitles in a film. Transcribe’s glasses can also be used to translate foreign languages in real time, giving them an even broader market appeal. Both companies approaches are interesting and highlight a huge opportunity in the market for a discreet solution to help individuals with hearing loss and foreign language translation, which could create a significant tail wing for smart glasses sales.

Going Hands Free

We have also seen additional use cases being added, like video streaming—especially with Meta making their glasses easily compatible with their social media platforms, allowing things like live-streaming Instagram Reels from the glasses. Smart glasses have the advantage that they can record first-person videos whilst allowing the person recording to remain in the moment. This was one of the key talking points from Apple when they launched their Vision Pro, but the bulky screen in front of people’s faces, coupled with the slightly off-putting projection of their eyes, means that “in the moment” is a relative term. Thinner, more normal-looking smart glasses from the likes of Meta allow the wearer to be as in the moment as any other glasses wearer. This will allow people to experience key events like birthday parties or watching New Year’s Eve celebrations and then still have the videos to last a lifetime, or more likely, post on their social media. There are obviously still problems with this technology, like restricted memory storage capacity and the quality of the videos recorded, but these have been rapidly improving in recent years and will likely continue to do so.

Meta Dominates, But Rivals Are Emerging

Right now, the smart glasses segment is a small one that is dominated by Meta, with the next biggest competitor being Chinese technology company Huawei, Meta owning 66% and Huawei 6% in 2024. But seeing the success of the smart glasses market, other competitors are circling. As mentioned previously, EssilorLuxottica, the owner of the brand Ray-Ban and the company with a virtual monopoly on the standard glasses market, has recently launched the Nuance Audio smart glasses. Amazon is also a significant player with its line of Echo Frame smart glasses doing hundreds of thousands of sales in recent years. More niche players like Transcribeglass, Xreal and Gentle Monster are also sprouting up to embrace the opportunity. Additionally, it has long been understood that much of the development of Apple’s Vision Pro and Samsung’s Project Moohan, both virtual reality goggles, has been aimed at laying the R&D groundwork for competing in the future mass-market virtual and augmented reality products. Apparently even Apple understands a first-generation augmented reality device priced at $3,500 is unlikely to have broad market appeal. The increasing focus on smart glasses is clearly demonstrated by Samsung’s recent show casing of its own prototype smart glasses, and the launching of Android XR, an operating system designed out of a collaboration between Google, Samsung and Qualcomm, to work on Smart glasses and Augmented/Virtual Reality goggles.

Can Smart Glasses replace the Mobile Phone?

In many ways, the form factor of a device that can project in front of the eyes is more useful and intuitive than a technological brick you keep in your pocket. This is because the world becomes your screen, you can project tabs and information in every part of your field of vision, should you choose, or simply wear them like a normal pair of clear glasses. This gets around the fact that your phone, though increasingly powerful, has a relatively limited screen size, which can make doing things like watching films and writing out emails annoying. Whereas with a larger field of view, you can watch films as if they were projected on the side of massive buildings or possibly even have 3D interactions within films and games, with the visuals being projected all around you. Both Apple and Meta have shown off hand-tracking technology with the Apple Vision Pro being able to do this through a series of cameras on the headset tracking your hand movements, and the Meta Orion concept glasses getting a similar effect by having the user wear a gesture-tracking wrist strap. This hand-tracking technology allows for the possibility of normal, intuitive interactions with technology through hand gestures. This could be as simple as projecting a virtual keyboard in your field of view and then tracking your hand movements to ascertain what key you are typing, or it could mean interactive gameplay. For example you could play a virtual game of tennis with the glasses tracking and interpreting your wild tennis swings, and seamlessly turning them into a coherent game of tennis against an AI or another player wearing smart glasses half a world away.

The holy grail for smart glasses will be an augmented reality screen that can seamlessly overlay projections onto the real world. Of course this can be done with larger devices like Apple’s Vision Pro and the Meta Quest, but to be able to do this in the slimmed-down format of a normal-ish looking pair of glasses that regular people would consider wearing on a daily basis would be a massive step forward. This, coupled with a significantly improved AI interface, larger battery life, and a slimmed-down sleeker design, could allow these glasses to go from a niche but interesting product type to a product with broad mass-market appeal. If the technology can be improved enough, there is a possibility that in a number of years smart glasses could start taking market share from mobile phones, as they should be able to replicate the majority of the phones features but in a more intuitive form factor.

Conclusion & Forecast

Smart glasses are a rapidly growing market as technological advances are beginning to make the form factor viable. Further advances in technology, greater consumer awareness, and new entrants into the market will likely continue this growth into the long run (IDC is currently forecasting 18.7 million units in 2029 compared to 2.7 million units in our most recent full year of data 2024). A little way off the 1.44 billion mobile phones sold worldwide in 2024, but if there is any product positioned to eventually replace the smartphone, both industry analysts and technology giants are betting it will be smart glasses.

Frederick Stanbrell - Data & Analytics Analyst - IDC

Analyst Profile
Frederick Stanbrell joined IDC in 2022, as an associate research analyst based in London, leading the European Wearables tracker. As head of the European Wearables tracker he collates guidance, tracks market trends and provides insight and forecasts into the region, companies and individual countries. Before joining IDC, he studied an undergraduate degree in Economics from the University of Greenwich, obtaining a first. During this time he was also a prominent member of the University of Greenwich Cricket team.

Across the Asia-Pacific region, enterprises are exploring generative AI (GenAI) with urgency, but scaling remains elusive. IDC research shows that while organizations ran an average of 23 GenAI proof-of-concepts (POCs) between 2023 and 2024, only 3 reached production. Of those, just 62% met expectations. The real challenge? Turning experimentation into enterprise value.

 Why Agentic AI Matters for GenAI Use Cases

GenAI’s potential extends far beyond content creation. But to realize its full value, organizations must move past isolated tools and embrace Agentic AI, intelligent agents that operate with autonomy, context, and integration across systems.

Agentic AI is the missing link between promising GenAI pilots and impactful enterprise transformation. It enables scalable, reusable use cases that drive results in productivity, quality, cost-efficiency, and resilience.

What Makes Agentic AI Different?

Unlike static models, Agentic AI introduces enterprise-grade capabilities, including:

  • Context retention for continuity across interactions
  • Multi-step task execution for complex operations
  • Exception management to handle real-world unpredictability
  • Security compliance for enterprise environments

This marks a shift from isolated AI functions to end-to-end automation, turning GenAI from a productivity tool into a strategic business engine

Super Use Cases: Where Agentic AI Delivers Impact

Not all AI use cases are created equal. The most successful organizations are focusing on “super use cases,” scalable, process-centric applications that integrate AI into decision-making, workflows, and operations. These include:

  • Customer support orchestration
  • Fraud detection and resolution
  • IT and HR automation
  • Context-aware marketing and personalization

These use cases aren’t just feasible with Agentic AI; they thrive because of it.

Building with Reusable Design Patterns

To scale Agentic AI, enterprises must move beyond bespoke solutions. Reusable design patterns enable the rapid and flexible deployment of AI. Key patterns include:

  • Task planning: Break down goals into AI-executable steps
  • Tool orchestration: Connect agents with enterprise platforms
  • Self-reflection: Learn from past actions to improve accuracy
  • Collaboration: Enable multiple agents to work in sync

These patterns act as blueprints, fueling faster time to value across diverse use cases.

Transforming Work, Not Just Tools

While personal GenAI apps, like note-takers and summarizers, are helpful, they’re quickly becoming commoditized. The real edge lies in deeply integrated, business-specific applications. Agentic AI enables a rethinking of work itself:

  • Marketers will optimize for LLMs, not just search engines.
  • CX leaders will deploy agents to unify channels, systems, and data.
  • Ops teams will automate workflows end-to-end.

In 2025 and beyond, Agentic AI won’t just support the work—it will redefine how work gets done.

Accelerating Agentic AI Adoption

As businesses increasingly explore automation, from robotic systems to intelligent assistants and sophisticated agents, agentic AI is poised to reshape daily work across industries. However, many organizations are unprepared to manage the dual challenge of evolving work practices and adopting new technologies.

Leaders need support navigating cross-functional change, especially as new roles like Chief AI Officer (CAIO) emerge. Technical professionals must expand their skill sets to include agentic development platforms, while nontechnical staff will need to learn workflow automation and natural language prompting.

Successful adoption will depend on aligning change management strategies with regional work cultures and technology maturity levels. In 2025 and beyond, agentic AI will not just change tools; it will redefine how work gets done.

Some key considerations:

  • Technical teams need to master agentic development platforms.
  • Non-technical users must learn prompt-based automation.
  • Leaders should align transformation efforts across regions, each with its own pace and culture of adoption.

Success relies on cross-functional collaboration and a clear strategy to integrate agentic AI into daily operations.

Measuring What Matters: A Holistic View of AI’s Business Value

One of the biggest barriers to AI adoption is the difficulty in measuring return on investment. To address this, IDC’s AI Business Value Benefit Framework outlines nine key dimensions, ranging from revenue growth and customer experience to innovation, resilience, and sustainability, that help organizations evaluate both the direct and indirect impacts of AI. By taking a broader view of AI’s value beyond just cost savings, this framework enables businesses to align AI investments with long-term strategic goals and drive meaningful outcomes across operations.

For more on this topic, please refer to the IDC report From AI Return on Investment to Business Value.

Final Word: Your Next Move Starts Here

Agentic AI turns GenAI from an experiment into a strategic differentiator. By focusing on super use cases and embracing reusable patterns, enterprises can move confidently from POC to production and unlock the full promise of AI.

Your next move? Let’s make it count, with Agentic AI at the core.

Take the next step and realize the full business value of AI with our three practical webinars:  

To learn about the new strategic imperatives in store for CIOs in the era of Agentic AI, download this eBook.

Deepika Giri - Associate Vice President - IDC

Analyst Profile
Deepika manages and leads the research programs in big data and analytics (BDA), artificial intelligence (AI), blockchain, and Web3. Deepika is a seasoned data and AI professional and brings extensive knowledge about the impact of data engineering, big data cloud platforms, and data science across critical sectors. She has extensive experience in software delivery as well as sales leadership and management. She also has over 20 years of experience in IT services, including leadership roles, at Capgemini, Infosys, and Accenture, and has strong industry expertise in the telecommunications and retail industries. More so, Deepika has an entrepreneurial spirit and has previously founded her own online retail fashion business.

The automotive industry is interconnected and global. That is not going to change, with or without the presence of tariffs.  Auto manufacturers in North America rely on parts, subassemblies, transmissions, semiconductor chips, as well as software, rare earth metals, and other metals like aluminum and steel from Canada, Mexico, Europe, China, Japan, and elsewhere.  Tariffs will impact vehicles assembled in the US just as they will affect vehicles imported from other countries. It is possible for sourcing strategies and production locations to shift, but this takes years.  As a 25% tariff by the U.S. on imports from Japan and other countries looms in response to a perceived uneven trade playing field, automotive OEMs (Original Equipment Manufacturers) and suppliers are strengthening connections with customers and partners across the supply chain, as well as with the end consumer. 

Automotive ecosystem partners are working together to develop equitable business models and approaches to alleviate tariff cost impact and reduce the risk to consumers of vehicle price increases and availability declines.  These connections and new approaches are particularly important in Japan, where much of the auto supplier base consists of small and medium-sized businesses (SMBs).  We have seen, for example, SMBs and large OEMs accelerate vehicle shipments and manufacturing of parts during the 90-day tariff pause which ended on 9 July.  Manufacturers tell us that the absence of significant price increases in response to tariffs thus far may be a result of working down older, lower cost inventory.  With this strategy, however, comes financial risk and potential cash flow issues (particularly for the small vendors) as tariffs are paid up front in a short period of time.  There is also risk across interconnected regions, such as in Asia Pacific: multiple Japanese auto OEMs (Toyota, Honda, Isuzu, Mitsubishi) have big investments in Thailand particularly for electric vehicles (EVs) and the U.S. is Thailand’s top auto export destination (18%).  

The on-again/off-again tariff situation makes it extremely challenging for OEMs and suppliers in the industry to properly plan for new R&D and production. Companies are struggling to commit to new US production based on this unpredictability–building new facilities or even reopening and improving shuttered ones is not something that happens quickly.  Although it is likely that large auto manufacturers and suppliers that had plans in place for new facilities and/or joint ventures with American companies will accelerate those plans.  For example, battery providers such as LG Energy Solution and Panasonic are working with auto EV OEMs such as GM, Ford, Tesla, and Rivian, as well as semiconductor companies such as Qualcomm.  GM recently announced a $4B investment in three existing U.S. factories. Automotive production output as of June 2025 is mostly flat everywhere globally, with this expected to continue through CY2027 (source: S&P Global Mobility). Notably, however, as of June 2025, Japan’s manufacturing purchasing managers’ index (PMI) rose to 50.4 from 49.4, after 11 months of contraction (below 50). It remains to be seen whether this will spark consistent growth or is a brief increase in response to the 90-day tariff reprieve.

In IDC’s 2025 Supply Chain Survey, automotive manufacturers identified their top three strategies to mitigate supply chain risks as improving supply chain agility, improving supply chain visibility, and prioritizing local ingredient/component supply (near-shoring) over global sourcing. These priorities underscore a broader industry shift toward localized resilience and faster response capabilities, driven not just by tariffs but by chronic disruptions, digital transformation pressures, and a push for ecosystem alignment.

At the same time, the automotive industry continues to face other monumental structural shifts, all of which could be impacted by tariffs: the expansion of software-defined vehicles, the growth of electric vehicles (EVs), and the ongoing digital talent shortages and lack of new workers entering the industry.  An upcoming IDC Perspective will expand on these three challenges and opportunities and the related tariff impact.

The ambiguous tariff environment that global automotive OEMs and their suppliers are currently living through may ultimately turn out to be a benefit by forcing continuous collaboration, data sharing, and knowledge visibility, if this is not currently present.  Automotive is already an ecosystem-driven industry, with participants from the private and public sectors, multiple tiers of the supply chain, and other industries working closely together.  Sharing risk, resources, talent, and data across this ecosystem will enable rapid response to increasing consumer demand for software-rich, electric vehicles, as well as a flexible response to economic and geopolitical disruptions.

Take the next step and discover how IDC’s research can help you with your Supply Chain strategy, implementation, and digital transformation.  Contact IDC via this form.  For research specific to Industry Ecosystems & Business Networks, please go to this page.

Simon Ellis - Program GVP - IDC

Analyst Profile
As Group Vice President, Simon Ellis currently leads the U.S. Manufacturing Insights, U.S. Energy Insights, and Global Supply Chain Strategies practices at IDC, specializing in advising clients on manufacturing/energy strategies, supply chain digital transformation, sustainability, cloud migration, network, and ecosystem design. Mr. Ellis works with end user companies, supply chain organizations and technology providers to develop best practices and strategies leveraging IDC quantitative and qualitative data sets. Within the Supply Chain practices, Mr. Ellis contributes extensively to the Supply Chain Planning and Multi-Enterprise Networks Strategies practice while also overseeing the Supply Chain Execution practices. These supply chain practices specialize in advising clients on supply chain network design, S&OP, global sourcing (Profitable Proximity and Low-Cost Sourcing), warehousing and inventory management, transportation, logistics, and more.

Stephanie Krishnan - Associate Vice President - IDC

Analyst Profile
Stephanie Krishnan leads IDC’s Asia/Pacific research and advisory for supply chain, manufacturing, retail, and adjacent industry domains. As Associate Vice President for IDC Insights, she guides organizations through the rapid transformation toward digitally enabled, AI-driven, and highly interconnected operations. Her work centers on the future of supply chain ecosystems, operational resiliency, sustainability, and the rise of agentic and autonomous decision-making across global networks.

Jeffrey Hojlo - Research Vice President - IDC

Analyst Profile
As Research Vice President, Future of Industry Ecosystems, Innovation Strategies, & Energy Insights at IDC, Jeff Hojlo leads one of IDC's Future Enterprise practices at IDC - the Future of Industry Ecosystems. This practice focuses on three areas that help create and optimize trusted industry ecosystems and next generation value chains in discrete and process manufacturing, construction, healthcare, retail, and other industries: shared data & insight, shared applications, and shared operations & expertise. Mr. Hojlo manages a group focused on the research and analysis of the design, simulation, innovation, Product Lifecycle Management (PLM), and Service Lifecycle Management (SLM) market, including emerging strategies across discrete and process manufacturing industry such as product innovation platforms and the closed loop digital thread of product design, development, digital manufacturing, supply chain, and SLM. He also manages IDC's North American Energy Insights group, with a focus on key topics such as energy transition & sustainability, distributed energy resource management, and digital transformation in the Oil & Gas and Utilities industries.

A New Era of AI-Driven Healthcare in Asia Pacific

Asia/Pacific’s healthcare sector is entering a revolutionary era – driven by a surge in clinical data powered by AI and GenAI, and more recently, Agentic AI. This era will be shaped by the need to balance dual priorities of efficiency and effectiveness across workflows and workforce productivity.

To meet these demands, healthcare provider organizations are now focusing their investments on four immediate priorities.

  • Workflow automation to increase workflow efficiency for enhanced care outcomes
  • Patient-centric care delivery models to ensure care accessibility and convenience
  • GenAI solutions to augment clinician efficiency while creating a hyper-personalized patient experience (PX)
  • Cybersecurity to maintain cyber-resilience as emerging technologies become the imperative for modernized healthcare

AI-Driven Workflow Automation: Scaling Efficiency and Outcomes

As healthcare providers across the Asia-Pacific region pursue greater operational efficiency, improved quality of care, and scalability, AI and automation are becoming a top priority. Repetitive and data-intensive processes are placing a heavy burden on healthcare providers, draining valuable time and resources. By automating these tasks, organizations can relieve this strain, optimize internal resources, and significantly reduce administrative overload.

At the same time, there is growing pressure from rapidly aging populations—particularly in super-aged nations like Japan and South Korea. This, along with the rising prevalence of non-communicable diseases (NCDs), is increasing demand for more efficient healthcare delivery.

To address these shifts, healthcare providers have identified healthcare-specific use cases for automation in the next two years: clinical workflows, operational workflows, and administrative workflows.

Electronic Health Record (EHR) platform, with its tools and functionalities, serves as a robust foundation for automation investments. One-third of healthcare providers have already invested in CDSS (Clinical Decision Support Systems), while more than half plan to invest within the next two years.

IDC data shows that almost half (47%) of healthcare organizations consider health data platforms as the topmost investment potential, owing to the need for large-scale data integration, data leveraging, and real-time analytics for “Intelligent Automation.”*

New Patient-Centric Care Models: From Telemedicine to Hospital-at-Home

Innovations in patient-centric care delivery solutions continue to accelerate. This is also driven by the rising consumerization of care and supported by a maturing health tech ecosystem.

For example, telemedicine is transforming into comprehensive Telehealth platforms. What began as basic virtual consultations has now expanded to include integrated access to electronic medical records, e-prescriptions, lab results, and patient education—all within a single interface. This empowers patients to make informed decisions and take greater ownership of their health.

In another case, Remote Patient Monitoring (RPM) is progressing into full-fledged “Hospital-at-Home” (H@H) models. Over half of regional care providers are investing in H@H technologies. For example, Singapore General Hospital (SGH) and Khoo Teck Puat Hospital (KTPH), under the National University Health System (NUHS), have launched the Mobile Inpatient Care@Home (MIC@Home) program. Spearheaded by the MoH Office for Healthcare Transformation (MOHT), the program supports patients with general medical conditions such as skin infections, urinary tract infections, and congestive heart failure. Following a successful pilot, the initiative has expanded to four more hospitals: Changi General Hospital (CGH), KK Women’s and Children’s Hospital (KKH), Sengkang General Hospital (SKH), and Tan Tock Seng Hospital (TTSH). Similarly, in Australia, 44 hospitals in Victoria are now offering Hospital-in-the-Home (HITH) services. To scale these models effectively, healthcare providers are increasingly reshaping their investments through Digital Front Door (DFD) strategies. By leveraging the broader healthtech ecosystem and adopting innovative, patient-focused delivery models, they aim to create more efficient, scalable, and responsive healthcare systems across the region.

IDC predicts that by 2027, driven by the demand for enhanced care collaboration, expanded clinician and consumer access, and enhanced digital literacy, 80% of patients in APeJ (Asia/Pacific except Japan) will utilize Hybrid Care.*

Augmenting Clinician Efficiency and Hyper-Personalized Patient Experience with GenAI and Agentic AI

GenAI and Agentic AI.are poised to make healthcare more accessible to underserved populations. Recognizing its potential, over half of the region’s healthcare providers plan to invest in GenAI solutions within the next two years.

Healthcare organizations are set to transition from early experimentation to developing comprehensive, enterprise-wide AI strategies. CIOs from both multi-specialty and super-specialty hospitals are already exploring targeted GenAI use cases, not only to optimize resource alignment but also to identify the prerequisites necessary to become truly GenAI-ready.

IDC predicts that, by 2026 healthcare GenAI investments are expected to double in Asia/Pacific excluding Japan (APeJ), driven by the rapid deployment of use cases, more curated clinical data, and increased organizational buy-in.

In the context of GenAI, hospital chains across the region have begun integrating data across their networks to effectively deploy large language models (LLMs). For example, Apollo Hospitals in India has developed a Clinical Intelligence Engine (CIE) powered by LLMs, which leverages extensive clinical datasets from its hospital network to deliver faster, more informed patient responses. In Singapore, Synapxe, the national healthtech agency, has implemented a GenAI tool called “Russel GPT”, designed to generate rapid summaries from patient data to boost clinician efficiency and enhance the overall patient experience. As Agentic AI adoption among care providers emerges, the primary focus is on enhancing productivity far beyond that provided by GenAI. This focus will demand for almost a third of the GenAI investments in Agentic AI in 2026. Encouraged by the potential of these use cases, healthcare providers across the region are specifically seeking partners with strong AI security capabilities, cloud ecosystems integrated with AI services, a commitment to responsible AI practices, and robust data governance frameworks to ensure safe and effective deployment of GenAI solutions.

AI-Powered Cybersecurity: Core to  Healthcare Resilience and Patient Data Safety

The healthcare sector in the Asia-Pacific region remains highly vulnerable, as the frequency and severity of cyberattacks on major hospitals continue to increase. In India, a recent ransomware attack on AIIMS (All India Institute of Medical Sciences) forced operations into manual mode, disrupting critical services. Similarly, in Australia, a cyberattack led to a significant data breach at St. Vincent’s Health. Considering such incidents, healthcare CIOs across the region are not only prioritizing investments in cybersecurity but are also focusing on cyber-resilience. This translates into proactively detecting and responding to threats earlier through AI-driven security solutions that enhance threat intelligence, response, and recovery.

IDC reports that by 2026, growing cybersecurity risks will prompt 40% of healthcare organizations in APeJ to adopt AI-based threat intelligence solutions to ensure care continuity and safeguard patients.*

A targeted attack on an AI system could compromise its output, potentially endangering patients, such as altered radiation dosages in cancer treatment plans. These threats underscore the critical need for robust security measures to safeguard the integrity and accuracy of AI-driven healthcare applications.

To address these risks, hospitals in the region are heavily exploring AI-specific cybersecurity strategies, including advanced encryption methods to secure data transmission, real-time threat detection systems to identify anomalies, and stringent access controls to prevent unauthorized use.

The current landscape of the Asia/Pacific healthcare sector limits organizations’ ability to enhance their IT security capabilities. IDC data indicate that regional healthcare providers prioritize managing internal and external security risks, achieving greater visibility into the threat landscape, and having proactive threat detection, response, and remediation capabilities. Security service providers need to align their capabilities with these priority areas for initial pitching and successful engagement. CISOs and CIOs of regional healthcare providers have indicated to IDC that real-time threat intelligence and predictive analytics for identifying potential security risks are the most valuable functionalities they seek in AI-powered security tools, reflecting a strong focus on proactive and efficient threat detection and response.

Defining the path ahead to secure the future

To truly unlock the potential of GenAI and Agentic AI, healthcare providers must take a thoughtful and strategic path forward. It starts with building a strong foundation by establishing a data governance framework led by a team of clinicians, data scientists, legal experts, and patient safety officers to guide responsible use. One of the most impactful steps is integrating GenAI into EHR workflows, especially for automating documentation, something IDC identifies as a top priority for care providers. Just as important is strengthening the data architecture behind these systems, ensuring they are secure, scalable, and ready to support the future of AI-powered healthcare.

Take the next step and realize the full business value of AI with our two practical webinars:

If you would like to speak to an IDC analyst about our tech-related insights on healthcare, simply fill out the form.

*SOURCE: IDC FutureScape: Worldwide Healthcare Industry 2025 Predictions — Asia Pacific (Excluding Japan) Implications

Manoj Vallikkat - Senior Research Manager - IDC

Analyst Profile
Manoj Vallikkat currently works as a senior research manager for Healthcare Insights in IDC Asia/Pacific. His research covers digital transformation (DX) across care delivery systems in the region, focusing on areas such as evolving healthtech ecosystem, patient-centric care, and predictive care management. He also covers the life sciences segment, with special interest in artificial intelligence (AI)-based drug discovery and remote clinical trial practices. Manoj has led key consulting engagements across the country markets in the Asia/Pacific region. He has also handled various GMS engagements for tech providers, which include tailored reports, round-tables, and speaking gigs.

As geopolitical disruptions, tariff uncertainties, and economic slowdowns prompt organizations to reevaluate budgets, one area that remains non-negotiable is cybersecurity, risk, and compliance. Across Asia/Pacific, this domain has proven remarkably resilient to budget contractions, emerging as a critical enabler of AI-driven innovation, trust, and long-term business viability.

According to IDC’s Worldwide Security Spending Guide, Asia/Pacific enterprises are expected to invest USD $44.4 billion in cybersecurity in 2025, with spending projected to grow at a CAGR of 10.6%, reaching USD $60.6 billion by 2028. This upward trajectory underscores a critical shift: cybersecurity is no longer viewed as a discretionary cost, but as a strategic imperative that is deeply embedded into digital transformation, regulatory readiness, and AI adoption initiatives across the region.

While Asia/Pacific is home to four of the world’s top ten digital economies, it is also at the epicenter of a dual inflection: the aggressive integration of artificial intelligence (AI) into enterprise workflows and the intensifying complexity of the cybersecurity threat landscape. Enterprises across sectors, from banking and healthcare to manufacturing and public utilities, are experiencing the push and pull of this convergence. The accelerated adoption of GenAI, the rise of autonomous decision-making systems, and increased reliance on sensitive data have reshaped the risk surface.

This confluence of AI acceleration and security pressure is driving a new breed of enterprise questions:

  • How can we ensure our GenAI deployments are compliant, transparent, and ethically aligned?
  • How can AI be used to counter AI-driven threats while ensuring explainability and trust?
  • What does an integrated approach to AI risk governance, security operations, and regulatory compliance look like?

According to IDC’s Asia/Pacific Security Study, 2024, 76.5% of regional enterprises admit they are not confident in their ability to detect and respond to AI-powered attacks. The most pressing threats include AI-driven vulnerability scans, zero-day exploits, ransomware with adaptive extortion tactics, and highly personalized social engineering attacks. These risks are particularly acute in regulated industries such as financial services, telecom, and healthcare.

Despite the urgency, organizations in Asia/Pacific face several barriers in building AI-resilient security postures. These include:

1. Integration and cost complexities

AI holds immense promise for security automation, but its adoption is hindered by poor integration with legacy environments and high costs. IDC predicts that by 2027, only 25% of consumer-facing companies in Asia/Pacific will adopt AI-powered identity and access management (IAM) systems, citing operational complexity and financial constraints as core reasons. This growing trust gap makes consumer authentication and identity protection increasingly vulnerable.

2. Regulatory fragmentation and governance gaps

While countries like Singapore and Australia have advanced AI governance policies, the broader region remains fragmented. China’s regulations prioritize algorithmic transparency and national security. Japan emphasizes Responsible AI under self-regulation. India, meanwhile, is still shaping its framework under the Digital India mission. This patchwork of mandates creates compliance confusion, especially for multinational enterprises. A major shift ahead is the expected rise of AI Bills of Materials (AI BoM). By 2028, IDC expects 70% of data products will be accompanied by BoMs detailing consent trails, model training inputs, and risk assessments i.e. a new layer of accountability for enterprise AI deployments.

3. GenAI growth without guardrails

As organizations race to scale GenAI solutions beyond proof-of-concept, risk governance is often left behind. IDC forecasts that in 2025, one in five APJ enterprises will move to production with GenAI without a comprehensive risk-based trust assessment. This opens the door to data leakage, algorithmic bias, reputational damage, and hefty regulatory penalties. In the absence of structured governance, enterprises risk building innovation on a fragile security foundation.

A blueprint for AI-resilient security

Building a future-ready posture

Cybersecurity in Asia/Pacific is moving from reactive to predictive. It is no longer about responding to known threats but is about anticipating emerging risks in a world where AI shapes both offense and defense. Enterprises must future-proof their security architecture by investing not only in technologies but also in governance, skills, and regulatory alignment.

Organizations that embed trust into the core of their AI strategies will be the ones that lead in both innovation and resilience. AI-powered businesses must ensure that privacy, explainability, and compliance are not afterthoughts, but integral components of the design and delivery process. In this new era, cybersecurity is inseparable from AI transformation and trust is its ultimate currency.

Join the Responsible and Secure AI: The Cornerstone of AI-Driven Growth webinar on 23 July 2025 to stay ahead of evolving AI risks, CSO expectations, and regional regulations. Register today!

Partner with IDC | CSO to elevate your brand presence at Asia’s leading gathering of CISOs and IT security executives. Position your unique capabilities to become security leaders’ trusted vendor of choice in safeguarding their valuable corporate data in the cloud and in exploring the pivotal role of AI and quantum-proof technologies. Happening across 7 Asia/Pacific cities from April to November 2025, join us at the event to showcase your case studies, success stories, and more!

Learn more here

Sakshi Grover - Senior Research Manager - IDC

Analyst Profile
Sakshi Grover is a senior research manager for IDC Asia/Pacific Cybersecurity Services, supporting its research and client engagement activities across Asia/Pacific markets. Additionally, she serves as the lead security analyst for IDC India. Sakshi is responsible for delivering syndicated custom research and consulting engagements on next-generation emerging and disruptive technologies. Her tasks include developing and socializing IDC's point of view within security services, covering both legacy and modern cybersecurity technologies. Her role involves close collaboration with technology vendors and buyers, developing market insights, and providing research, consulting, and advisory services in the fields of security software and services. This includes partnering on research efforts with relevant country analysts in the local IDC offices. Sakshi's views on security have been quoted in numerous publications, such as the Economic Times, Business Standard, Data Quest, CRN, and others.