NTT DATA launched its new report, "The AI Security Balancing Act: From Risk to Innovation," highlighting the opportunities and risks AI presents in cybersecurity. The findings show a misalignment among C-Suite leaders when it comes to business goals and operational readiness for GenAI deployment.

The report, which includes data from an NTT DATA survey of more than 2,300 senior GenAI decision makers, comprising 1,500 *C-Suite leaders across 34 countries, found that while CEOs and business leaders are committed to GenAI adoption, CISOs and operational leaders lack the necessary guidance, clarity and resources to fully address security risks and infrastructure challenges associated with deployment.

The C-Suite disconnect

Nearly all (99%) C-Suite executives are planning further GenAI investments over the next two years, with 67% of CEOs planning significant commitments.

In parallel, 95% of CIOs and CTOs report that GenAI has already driven, or will drive, greater cybersecurity investments, with organizations ranking improved security as one of the top three business benefits realized from GenAI deployment in the last 12 months.

Yet, even with this optimism, there is a notable disconnect between strategic ambitions and operational execution with nearly half of CISOs (45%) expressing negative sentiments toward GenAI adoption. More than half (54%) of CISOs say internal guidelines or policies on GenAI responsibility are unclear, yet only 20% of CEOs share the same concern - revealing a stark gap in executive alignment.

Despite feeling cautious about the deployment of GenAI, security teams still acknowledge its business value. In fact, 81% of senior IT security leaders with negative sentiments still agree GenAI will boost efficiency and impact the bottom-line.

Organizational operations not ready for GenAI

NTT DATA's research further reveals a critical gap between leadership's vision and the capabilities of their teams. While 97% of CISOs identify as decision makers on GenAI, 69% acknowledge that their teams lack the necessary skills to work with the technology.

In addition, only 38% of CISOs say their GenAI and cybersecurity strategies are aligned compared to 51% of CEOs.

Adding to the complexity, 72% of organizations surveyed still lack a formal GenAI usage policy and just 24% of CISOs strongly agree that their organization has a robust framework for balancing risk with value creation.

Legacy tech limiting GenAI adoption

Beyond internal misalignment, 88% of security leaders said legacy infrastructure is greatly affecting business agility and GenAI readiness, with modernizing IoT, 5G and edge computing identified as essential for future progress.

To navigate these obstacles, 64% of CISOs are prioritizing co-innovation with strategic IT partners rather than relying on standalone AI solutions. Notably, security leaders #1 top criteria when assessing GenAI technology partners is end-to-end GenAI service offerings.

"As organizations accelerate GenAI adoption, cybersecurity must be embedded from the outset to reinforce resilience. While CEOs champion innovation, ensuring seamless collaboration between cybersecurity and business strategy is critical to mitigating emerging risks," said Sheetal Mehta, Senior Vice President and Global Head of Cybersecurity at NTT DATA, Inc. "A secure and scalable approach to GenAI requires proactive alignment, modern infrastructure and trusted co-innovation to protect enterprises from emerging threats while unlocking AI's full potential."

"Collaboration is highly valued by line-of-business leaders in their relationships with CISOs. However, disconnects remain, with gaps between the organization's desired risk posture and its current cybersecurity capabilities," said Craig Robinson, Research Vice President, Security Services at IDC. "While the use of GenAI clearly provides benefits to the enterprise, CISOs and Global Risk and Compliance leaders struggle to communicate the need for proper governance and guardrails, making alignment with business leaders essential for implementation."