There is a serious misalignment among C-suite leaders when it comes to business goals and operational readiness for generative artificial intelligence (GenAI) deployment.
This is the headline finding from a new NTT Data report, “The AI Security Balancing Act: From Risk to Innovation”, that highlights the opportunities and risks AI presents in cybersecurity
The report, which includes data from an NTT Data survey of more than 2 300 senior GenAI decision-makers, comprising 1 500 C-suite leaders across 34 countries, found that CEOs and business leaders are committed to GenAI adoption but chief information security officers (CISOs) and operational leaders lack the necessary guidance, clarity and resources to fully address security risks and infrastructure challenges associated with deployment.
The C-suite disconnect
Nearly all (99%) of C-suite executives are planning further GenAI investments over the next two years, with 67% of CEOs planning significant commitments.
In parallel, 95% of CIOs and chief technology officers (CTOs) report that GenAI has already driven, or will drive, greater cybersecurity investments, with organisations ranking improved security as one of the top three business benefits realised from GenAI deployment in the last 12 months.
Yet, even with this optimism, there is a notable disconnect between strategic ambitions and operational execution with nearly half of CISOs (45%) expressing negative sentiments toward GenAI adoption.
More than half (54%) of CISOs say internal guidelines or policies on GenAI responsibility are unclear, yet only 20% of CEOs share the same concern – revealing a stark gap in executive alignment.
Despite feeling cautious about the deployment of GenAI, security teams still acknowledge its business value. In fact, 81% of senior IT security leaders with negative sentiments still agree GenAI will boost efficiency and impact the bottom-line.
Organisational operations not ready for GenAI
The research further reveals a critical gap between leadership’s vision and the capabilities of their teams. While 97% of CISOs identify as decision-makers on GenAI, 69% acknowledge that their teams lack the necessary skills to work with the technology.
In addition, only 38% of CISOs say their GenAI and cybersecurity strategies are aligned compared to 51% of CEOs.
Adding to the complexity, 72% of organisations surveyed still lack a formal GenAI usage policy and just 24% of CISOs strongly agree that their organisation has a robust framework for balancing risk with value creation.
Legacy tech limits GenAI adoption
Beyond internal misalignment, 88% of security leaders said legacy infrastructure is greatly affecting business agility and GenAI readiness, with modernising IoT, 5G and edge computing identified as essential for future progress.
To navigate these obstacles, 64% of CISOs are prioritizing co-innovation with strategic IT partners rather than relying on standalone AI solutions. Notably, security leaders’ top criteria when assessing GenAI technology partners is end-to-end GenAI service offerings.
“As organisations accelerate GenAI adoption, cybersecurity must be embedded from the outset to reinforce resilience. While CEOs champion innovation, ensuring seamless collaboration between cybersecurity and business strategy is critical to mitigating emerging risks,” says Sheetal Mehta, senior vice-president and global head of cybersecurity at NTT Data.
“A secure and scalable approach to GenAI requires proactive alignment, modern infrastructure and trusted co-innovation to protect enterprises from emerging threats while unlocking AI’s full potential.”
Craig Robinson, research vice-president: security services at IDC, adds: “Collaboration is highly valued by line-of-business leaders in their relationships with CISOs. However, disconnects remain, with gaps between the organisation’s desired risk posture and its current cybersecurity capabilities.
“While the use of GenAI clearly provides benefits to the enterprise, CISOs and Global Risk and Compliance leaders struggle to communicate the need for proper governance and guardrails, making alignment with business leaders essential for implementation.”