You're treating IT like the wrong Organ
Most companies (at least at the enterprise level) that I've worked with, keep IT as simply another division of financial services (Don't worry you're not the only CIO reporting to a CFO). This seems to a be a pretty par for the course business decision these days, because IT while obviously a hole where money goes to die, is seen as a cost saving mechanism for the business. The idea becomes that IT comes in, reviews processes, and augments them with technology in order to improve the overall efficacy of the business. As such IT is often treated like a limb that can be discarded if it becomes to unwieldy. If the cost saving mechanism starts costing too much money it's viewed as a problem rather then a solution.
I'm here to propose to you (with my rather obvious implicit bias working in the field) that this view of IT is incorrect. If this were 1985 and the personal computer was still yet a glimmer in the eyes of Steve Jobs and Bill Gates I might agree that there is an argument to be had about the usefulness of IT to the business; however, as technology has evolved, neigh, exploded over the last 40 years, I find this assessment to be lacking. IT is no longer an augmentation tool that simply makes things more efficient. As colonial pipeline made clear to us all, without IT the business does not function, full stop.
I think the continued success of ransomware and the damage done by things like WannaCry, NotPetya, or the likes has hopefully made it more then clear. IT is no longer the cost augmentation facility, it is no longer a matter of efficacy, it is the living, beating core of the business. If you do not have some form of IT department in the year of our lord 2021, your business is dead. Name me any other segment of the business that without you would be brought to a full stop in operations in less then one hour.
Ask yourself, if all of your HR staff walked out right this very moment, about how long would it be before you had to bring the business to a stop and start negotiating with them? I'm not going to pretend we don't need HR, but I'm going to imagine that you might get by for a few hours, maybe even a few days, before the pain points really started to kick in.
Now do the same with every single computer in your building. How long can your business function if every router, switch, and computer in every building you owned was shut off. Is it a matter of hours? days? I would hazard a guess that the functionality range sinks down to the minutes. Computer technology has become so deeply ingrained in the structure of the modern day business that often times the only thing that supersedes it in overall importance is the literal product you produce.
Yet IT as a department is constantly on the back foot having to defend itself in numerous companies about it's decisions and even more so about it's request to be in the decision making process and to me this is a mistake. IT is the heart and lungs of your organization, the longer an element of your organization is out of line with the way it operates the worse and worse things are going to get. It is of my personal opinion that if you're a leader in IT you need to start making it clear that your roll in the organization isn't as a glorified process janitor, it's effectively COO.
Sure that plant may make the widget that your company sells, but every single connecting piece that gets that widget from you to the customer is wrapped and bundled in critical elements of your IT infrastructure. Without IT it doesn't matter what you make in the 21st century, you're not selling it. CIO's your business unit isn't just some component of the business anymore, it is the business and we've got to start making it clear if we want our budgetary objectives and staffing needs met.
In a rather selfish statement on my part, IT needs to come first. IT shouldn't be asking to be apart of the decision making process, other BU's should be asking IT how they integrate properly. If I can't buy a product without purchasing being involved in the process I'm going to go out on a limb and say you shouldn't buy a piece of technology of any kind without some representative of IT being involved in the process, even directing it.
In the coming years I think it's going to become even more apparent that IT is going to have to take the reins on overall business implementation, especially so as the ICS world becomes increasingly dependent on interconnectivity. I think honestly that's what is going to spur most companies to realize that maybe the guy who runs all the plants isn't actually as important as the guy who makes sure all the plants are talking to each other.
These vendors more and more are needing that interconnectivity to even have basic functionality in the product. PLC, SCADA, HMI, etc are all becoming more a part of the overall IT lexicon then they were even 5 years ago, and much like the website HR uses to hire, or the program that purchasing uses to track vendors, the ICS technologies too are going to come under the care of your CIO's more so then your COO's.
I think any company that wants to play in the modern era is going to have to jump in front of this, because otherwise, all the decisions you make will be based on the wrong emphasis. It won't matter how fast that glorified sewing machine you have is if it's cryptolocked and there is nothing you can do about it. CIOs, be assertive, don't be afraid to let the business know, they run because of you and your people.
Like I said ask each member of the board to step up and ask yourselves "Without this board member or all the people and processes under them how long can the business function?", and let that start making decisions on overall company decision making.