There’s often a disconnect between CEOs and line-of-business executives when it comes to enterprise AI adoption, with executives pushing for broader implementation, and CISOs and operations teams advocating a more cautious approach due to concerns around security and operational readiness.
This disconnect was made evident in a 22-page report, “
The AI Security Balancing Act: From Risk to Innovation,” released this week by
NTT Data, which includes data collected from 2,300 senior generative AI decision-makers, including 1,500 C-suite leaders from 34 countries.
The survey results put a spotlight on the promise and risks that come with enterprise adoption of GenAI tools and services, and also highlights issues that organizations will have to resolve going forward.
“Based on the findings, the divide between CISOs and CEOs on AI adoption is a crucial dynamic shaping enterprise strategies today,”
Sandip Ghosh, global go-to-market had at NTT Data, told MSSP Alert. “CEOs often see AI as a game-changing innovation that drives competitiveness and growth, whereas CISOs prioritize risk management and security concerns. Organizations that successfully bridge this gap are integrating cybersecurity into their AI strategies early, ensuring that security leaders are part of AI planning and deployment rather than brought in as an afterthought.”
Ghosh noted that some companies are creating formal AI governance frameworks that include co-ownership between innovation and security teams to balance the speed of adoption and risk mitigation.
CEO Enthusiasm vs. CISO Reserve
The data findings highlight that 95% of C-suite executives believe generative AI is driving new levels of innovation in their organizations, and almost 99% plan further investments in the emerging technology over the next two years. In addition, 67% of CEOs are making significant commitments to such investments.
However, CISOs carry more worries about generative AI adoption, with 45% expressing negative sentiments toward it, supported by 54% citing unclear internal guidelines or policies on technology responsibility. Only 20% of CEOs share the concern, underscoring the gap in the viewpoints among executives.
“The increasing adoption of AI goes hand in hand with new and evolving cyberthreats, and AI-enhanced malicious attacks are a prominent emerging risk for organizations,” Sheetal Mehta, senior vice president and global head of cybersecurity at NTT Data, wrote in the forward in the report.
Investments in Both AI and Security
Despite the divergence, both sides acknowledge the validity of the other's viewpoint. Mehta wrote that most organizations plan to spend more on both AI and security, with 95% of CIOs and CTOs saying that generative AI is driving or will drive more cybersecurity investments. In addition, organizations ranked improved security as one of the top three business benefits of GenAI deployments over the previous 12 months.
Meanwhile, 81% of senior IT leaders that have negative viewpoints about AI adoption agree that GenAI will increase efficiency at their companies and improve finances.
“This underscores the acknowledgment by CISOs of the changing imperatives in the age of AI,” he wrote. “They need a modern, integrated cybersecurity posture to navigate this complex and fast-changing technology and business landscape. But are CISOs prepared to help their organizations tap into the potential of AI while also protecting their digital assets from the risks that come with it? We call this the AI security balancing act.”
That will require closing others perception gaps. While only 38% of CISOs say their companies’ GenAI and cybersecurity strategies are aligned, more than half (51%) of CEOs say they are. Also, 72% of organizations lack a formal GenAI use policy and only 24% of CISOs strongly agree that their companies have robust frameworks for balancing risk with creating value.
Upgraded Infrastructure Needed
NTT Data’s Ghosh emphasizes that organizations need to take three key steps to balance AI innovation and security, the first being modernizing their infrastructures to enable secure AI adoption. A focus should be on such areas as 5G, the edge, and the Internet of Things. About 88% of security leaders say their outdated infrastructure is impacting business agility.
They also need clear AI governance to shore up the lack of formal use policies and reduce their risks. Ghosh also stressed the need cross-functional alignment to ensure AI deployment isn’t only the purview of innovation teams.
“Security leaders must be engaged from day one,” he said. “Encouraging co-ownership of AI initiatives ensure risks and benefits are weighed holistically.”
MSSPs' Role in Easing the Disconnect
MSSPs and MSPs will be important players as this plays out, Ghosh said. Enterprises are increasingly relying on MSSPs for AI-driven threat detection, risk management and compliance support as AI initiatives scale.
“A key trend emerging is co-innovation,” he said, noting that “88% of security leader say they prioritize collaboration with strategic IT partners to enhance AI security frameworks. MSSPs and MSPs play a critical role by helping organizations integrate security-first AI strategies, embedding zero trust architecture, and offering managed detection and response [MDR] solutions tailored for AI environments.”
In addition, they deliver the ability to continuously monitor AI use within an environment, providing feedback for deploying and implementing the necessary guardrails that ensure successful and responsible AI deployment, he said.