GenAI adoption requires security leadership, not just executive enthusiasm

The rise of GenAI has ushered in a new frontier for digital transformation. With the potential to reimagine how we work, create and deliver value, it is quickly becoming a strategic priority across the boardroom.

As the hype around the technology increases, many organizations are facing a less exciting reality: A lack of alignment between business goals and security preparedness.

A recent NTT DATA guide for CISOs, The AI security balancing act: From risk to innovation, confirms a growing disconnect regarding GenAI readiness. CEOs are driving adoption at full speed, confident in AI’s potential to fuel innovation and growth. But CISOs — the professionals tasked with safeguarding this transition — are pumping the brakes.

This tension is not simply a case of differing perspectives. It signals a deeper governance challenge that could undermine Kenya’s digital economy and compromise long-term competitiveness if not addressed head-on.

The boardroom paradox

CEOs are enthusiastic — nearly all are committed to deepening their investments in GenAI over the next two years. This optimism reflects the clear business gains that are already being reported, including enhanced productivity, improved customer engagement and streamlined operations.

However, this high-level optimism isn’t always grounded in operational realities. CISOs, who have a front-row seat to organizational risk, are raising legitimate concerns about infrastructure limitations, unclear accountability and a lack of internal policies. While many CEOs see GenAI as a path to transformation, close to half of CISOs express reservations about its rapid rollout.

This divergence reveals more than just a difference in priorities. It also exposes a misalignment between vision and execution. The C-suite cannot afford to move in silos. In the case of GenAI, governance must catch up to ambition.

Security as the foundation for innovation

While GenAI is often marketed as a disruptive force, its value will be short-lived without embedded security. The reality is that few organizations are fully prepared for what safe and scalable AI deployment entails.

Legacy infrastructure continues to be a stumbling block. Most security leaders in the NTT DATA study agree that outdated systems are restricting GenAI adoption and hindering business agility. In Kenya and across Africa, many organizations are still operating in hybrid environments where modern digital capabilities must be layered onto old foundations.

GenAI, by nature, demands speed, scale and trust — all of which hinge on cybersecurity readiness. A single data leak or breach of an AI model’s training set could have severe reputational and financial consequences.

Worse still, weak oversight may enable the misuse of AI-generated content and decision-making in regulated industries such as finance or healthcare.

• ALSO READ → The double-edged sword of AI in cybersecurity

Aligning the C-suite around shared risk and value

It’s worth noting that most CISOs are not anti-innovation. In fact, many acknowledge GenAI’s growing role in boosting organizational efficiency. But they also know that AI is only as effective as the systems on which it’s built and the guardrails that contain it.

The solution is not to slow down innovation, but to reframe how GenAI initiatives are structured. Stronger internal alignment, clearly defined policies and shared metrics between business and security leaders can close the trust gap. This includes co-owning GenAI strategies, rather than treating security as an afterthought.

The most successful organizations in this space are already shifting toward collaboration over silos. Security leaders are partnering with CIOs, COOs and CEOs to address both the potential and the vulnerabilities of AI tools. This is particularly crucial in East Africa, where regulatory frameworks around AI remain in flux and public trust in data governance is still being built.

• ALSO READ → Why data is the key to Africa’s next leapfrog moment

Investing in capabilities, not just tools

While policy and governance are foundational, organizations must also invest in their people.

According to our research, many CISOs feel their teams lack the skills needed to properly integrate and manage GenAI tools. This should be a red flag for any board investing heavily in AI. Without the right talent to secure and sustain AI infrastructure, organizations risk adopting tools they cannot safely use.

Upskilling cybersecurity teams and creating cross-functional AI governance bodies should be on every organization’s near-term agenda. In parallel, modernizing infrastructure — especially in cloud, IoT and edge environments — will unlock the agility GenAI requires.

What’s encouraging is that many CISOs are already leaning into partnerships to accelerate this journey. Rather than pursuing AI in isolation, they’re seeking co-innovation with technology partners who offer end-to-end services. This shift from “buy and deploy” to “build together” could be the defining trend that shapes secure GenAI adoption in Kenya.

The way forward in Kenya and beyond

Kenya’s digital future will increasingly be shaped by GenAI. From customer-service bots to real-time fraud detection, the applications are both powerful and diverse. But as organizations race ahead, it’s critical that cybersecurity is not left behind.

The promise of GenAI is real — and so are its risks. It’s time to bring CISOs to the strategy table, not just as advisors but as equal architects. Only through genuine alignment can we build the trust, resilience and readiness required to unlock AI’s true potential.

• ALSO READ → A CISO’s guide to mastering the risks and potential of AI