Navigating Technology, Cyber Risk and Sovereignty: A Conversation with Matt Davies

With decades of experience spanning the private and public sectors, Matt Davies has held leadership roles in management consulting, global IT risk and cybersecurity, and served as Canada’s Chief Technology Officer in Shared Services. Now a Senior Advisor at StrategyCorp, he brings a deep understanding of the evolving intersection of technology, policy, and risk. We spoke with him about the opportunities and challenges of digital transformation, emerging technologies, cybersecurity, and the implications of digital sovereignty in an age of accelerating innovation.

Your career has bridged consulting, startups, global enterprise, and public service. What’s the biggest lesson you’ve learned about using technology to grow value while managing risk?

The key lesson is that organizations are always evolving, and so must your approach. Whether it’s AI, cloud, quantum computing, or cybersecurity, you need to be a lifelong learner. Staying informed about trends in your sector and how competitors and/or suppliers are using technology is crucial. But more than that, it’s about mindset. If the leadership sets the “tone at the top.”  If tone is that’s open to innovation and change, the rest of the organization follows. That culture drives both innovation and adaptability. Some organizations are more restricted by their size and/or regulation, but you can’t afford to sit still. In today’s climate, waiting on the sidelines just isn’t a viable option; organizations need to be able to respond quickly to an ever-changing environment.

Many organizations are trying to modernize while safeguarding data and security. How should they approach the balance between innovation and risk?

Every organization has to find its own balance on that spectrum. Lean too far into innovation, and you could open your organization up to greater risk. Lean too far into risk aversion, and you’ll stall both innovation and progress. This balance is influenced by your leadership culture and, critically, your talent. Technology adoption is never just about the technology. It’s always about the people. Are they supported to experiment and build new skills?  Take AI, for example—employees need to understand what it can do, and where the boundaries are. But they also need to feel both valued and supported. That combination of policy, enablement, and trust is what helps to makes  digital transformation successful.

Digital sovereignty has become a hot topic, especially after recent trade tensions. How should leaders think about where data lives and how it’s governed?

Today, sovereignty is now front and centre in almost every tech conversation. But definitions vary wildly. Ask ten people what sovereignty means, and you’ll get ten answers. When it comes to data, the critical questions are: What’s sensitive? Where is it stored? And who can access it under what laws?

Cloud migration changed the game. You used to know exactly where your data sat, now it could be in a data centre owned by a hyperscaler governed by multiple jurisdictions. Think about the U.S. CLOUD Act, or Europe’s General Data Protection Regulation (GDPR). Your organization may be storing data in Canada, but this data could still be subject to foreign legislation. Leaders need to know where their data is and what legislation applies. It is also important to understand what controls are in place to protect the data. Each organization must determine what they are comfortable with, and how risk is controlled while leveraging benefits.

You mentioned sovereignty beyond just data. What else does it touch?

Sovereignty extends to both applications (including AI) and infrastructure. Some organizations want their data stored on sovereign infrastructure and with sovereign software/applications. Think of AI again: Where are the chips manufactured? Who built the infrastructure? Who built the model? What training data was used? If you care about sovereignty, those layers matter. And that’s what makes it so complex: it’s not one layer, it’s the whole stack.

With Canada’s new national cybersecurity strategy in place, what are the biggest challenges facing organizations today?

The number one challenge is the evolving threat landscape. Bad actors are adapting quickly: leveraging AI, exploiting vulnerabilities, and now we’re seeing quantum computing on the horizon. There’s no static playbook for cybersecurity! Organizations must be agile, constantly assessing and updating their posture and focusing on resiliency in an ever-changing threat landscape.

Most organizations haven’t even completed the shift to “zero-trust,” and now they’re being asked to consider their quantum readiness. Add to that the human element, phishing, social engineering, and it’s clear that cybersecurity is a moving target. No CISO will ever tell you the job is done. It’s always a question of: what risks do we need to address? What else can be done to reduce our exposure to a potential cyber-attack?

What should organizations keep top of mind heading into 2026?

Don’t underestimate the pace of change! Whether it’s the increased adoption of technology such as Generative AI, the changing regulatory landscape, or the geopolitical impacts on your supply chain, the environment is constantly changing. That is why the “tone at the top” and culture matters. You need leadership that’s strategic, proactive, and informed. We are living in exciting times!