Thereโs never been a more urgent time to address the intersection of GenAI and enterprise risk. As generative AI reshapes boardroom strategy and accelerates digital transformation, its rapid adoption is also exposing new attack surfaces and vulnerabilities.
Omdia forecasts that autonomous Security Operations Centers will become the industry standard within the next two years, as Agentic AI transforms threat detection, investigation and response by automating core security workflows and freeing analysts for higher-level strategic operations. This shift underscores a fundamental truth: GenAI is not only accelerating business innovation, it is redefining cybersecurityโs operating model โ and organizations must be prepared to evolve with it.
Another recent study found that 99% of CEOs plan to increase investments in AI, yet nearly 90% of security leaders cite legacy infrastructure as a major barrier to their GenAI progress.ย The stakes are rising fast with cybercriminals rapidly weaponizing GenAI to scale attacks and high-profile breaches in retail, automotive and healthcare sectors, underscoring the need for risk-aware and adaptive cybersecurity strategies that drive resilience.
By utilizing GenAI, cybercriminals can exploit inadequate security controls to manipulate AI models and compromise data integrity and the reliability of AI-enabled solutions. As a result, security leaders are highly concerned about the potential risks involved with GenAI deployments without appropriate guardrails in place. In todayโs hyperconnected world, a small breach can lead to catastrophic, irreversible damage beyond the boundaries of the enterprise concerned.
This yearโs wave of high-profile cyber incidents, from luxury retailers to global automakers, underscores how basics have to be focused upon. No organization is immune, including critical utilities and healthcare services providers. With AI technologies advancing faster than most defenses, leaders investing in GenAI must align clear, actionable strategies to not only protect themselves but also their digital ecosystems and customers.
C-Suite Misalignment and Unpreparedness
As enthusiasm for GenAI grows, the C-suite faces a crucial balancing act between opportunity and risk.
The latest data shows a striking disconnect: while 95 % of CIOs and CTOs expect GenAI to drive greater cybersecurity investment, nearly half of CISOs remain cautious, citing unresolved basic security gaps and outdated infrastructure. Around 54% of CISOs say internal guidelines on GenAI responsibility are unclear, compared with just one in five CEOs. This gap in perception reflects a broader issue โ C-suite misalignment where security is an afterthought to GenAI strategy implementation rather than being perceived as an enabler for Gen AI adoption.
The skills shortage adds another layer of complexity. CISOs are seeing that their teams lack the expertise to work with GenAI, even as most consider themselves key decision-makers in its deployment. Furthermore,ย many believe that their organisations have robust frameworks for balancing risk and innovation but the alignment of GenAI and cybersecurity strategies are not quite there yet.
As organizations accelerate GenAI adoption, cybersecurity must be embedded from the outset to reinforce resilience. A secure and scalable approach to GenAI requires proactive alignment, modern infrastructure and trusted co-innovation to protect enterprises from emerging threats while unlocking AI’s full potential.ย
The Challenge of Legacy Infrastructure
Outdated technology is one of the most significant obstacles preventing organisations from rolling out GenAI safely. The vast majority of security leaders point to legacy infrastructure as a major barrier to progress.ย
Cybercriminals understand that AI systems depend on the integrity of underlying data and algorithms, making these components prime targets for attacks and data poisoning. They often probe for weaknesses, especially in legacy systems, which are more vulnerable to attacks that manipulate input data to deceive AI models. As organisations look to harness GenAIโs full potential, modernizing core systems, cloud environments and edge computing is becoming essential. Without these upgrades, even the most advanced AI solutions can be compromised.
Moving towards a comprehensive cyber resilience strategy
Collaboration between business and security leaders is imperative to scale AI securely and responsibly. CISOs play a central role in balancing innovation with risks, ensuring that security considerations are embedded into every phase of AI adoption as a strategic enabler and not as an afterthought.
To reinforce cybersecurity, organizations should establish a dedicated AI security policy that outlines AI risk assessments and lifecycle governance aligned with ISO/IEC 42001, NIST AI RMF and other global regulations and guardrails to protect AI data models, LLM applications and APIs. A comprehensive policy embedded within the organizationโs broader governance, risk and compliance framework offers clarity and control. Most importantly, this policy should also define clear roles and responsibilities and be regularly updated as the AI landscape evolves. Otherwise, organizations risk losing their competitive edge.ย
Furthermore, to strengthen cybersecurity while scaling for GenAI, organizations must embed security by design – from architecture to code. Core controls like encryption, access management and anonymisation help protect sensitive information. As AI models handle increasingly complex data, organisations must secure training datasets and adopt privacy-preserving methods such as federated learning. Ongoing testing, including adversarial techniques, is essential to detect vulnerabilities early.ย In short, AI security should be a foundational part of oneโs organizationโs technology strategy.
Finally, resilience cannot be treated as one-time exercise. Organizations need to also embed resilience by design into their strategy to operations and digital ecosystem. Enabled through continuous monitoring and threat detection to proactively prepare their cyber defense, strengthen their incident response playbooks and reliable recovery plans. AI itself can significantly bolster organizationsโ threat-hunting capabilities by analyzing network traffic, user behavior and system configurations to identify anomalies in real time. Agentic AI can take this one step further with autonomous agents that help with alert triage and reduce false positives, significantly reducing mean time to detect and response.ย
Advancing Security for the Future
As enterprises race to unlock GenAIโs transformative potential, the importance of C-suite alignment and infrastructure modernization are becoming impossible to ignore. The latest wave of cyberattacks serves as a stark reminder that innovation and security must advance together.
By closing strategic gaps, modernizing technology and embedding cybersecurity at every stage of AI adoption, organisations can turn cybersecurity into an enabler for AI and innovation that drives resilient growth.
