A CISO’s guide to mastering the risks and potential of AI

AI is an unstoppable force transforming industries and how we live, work and do business. At an organizational level, NTT DATA’s Global GenAI Report shows that 95% of C-suite leaders believe GenAI is driving a new level of innovation and 97% of CEOs expect a material impact from the technology.  

However, this revolution is accompanied by a wave of new and unexpected cyberthreats. AI-enhanced malicious attacks are now a prominent emerging risk for organizations in manufacturing, healthcare, financial services and other industries. 

The move to adopt AI is exposing new attack surfaces and security vulnerabilities, and cybercriminals are creating sophisticated AI-enabled threats. They’re exploiting inadequate security controls to manipulate AI models and compromise the integrity of these models’ underlying data.

AI security in the spotlight

Because AI’s immense potential for innovation and growth is coupled with these new challenges, cybersecurity has been elevated from a technological risk to a business risk.

Our GenAI report shows that a significant majority of organizations are committed to spending more on both AI and cybersecurity. And, as Gartner® states in the 2025 CIO Agenda: Global Insights and Data, “84% of CIOs and technology executives plan to increase their funding for AI from 2024 to 2025, and 87% plan to increase their funding for cyber/information security.”*

But are CISOs prepared to help their organizations tap into the potential of AI while also protecting their digital assets from the associated risks? We call this the AI security balancing act.

• ALSO READ → Strengthen your cyber resilience with Managed XDR from NTT DATA

A high-stakes balancing act

At NTT DATA, we recognize the critical importance of balancing AI’s transformative potential with robust cybersecurity measures.

This alignment is crucial, as it underscores the need for an integrated cybersecurity posture that can help CISOs navigate the complex intersection of technology and business.

I am therefore excited to announce the launch of our new guide, The AI security balancing act: From risk to innovation. This guide offers valuable insights for CISOs, as it delves into the specific challenges and vulnerabilities introduced by AI and GenAI.

New territory presents new challenges for CISOs

We explore, among other things, why CISOs face such a complex task in taking responsibility for security, privacy and compliance.

They’re often in the challenging position of navigating fast-evolving and uncharted territory while having to manage the tension between mitigating risk and supporting the ambitious growth and innovation goals of CEOs and other C-suite executives.

In fact, our research shows that 54% of CISOs say their organizations’ internal guidelines or policies on responsibility are unclear — but just 20% of CEOs say the same.

Keeping up with government regulations on AI is another notable challenge. According to our report, more than 8 in 10 organizations say these regulations are unclear, and this lack of direction stifles innovation and hinders investment in GenAI.

And, of course, CISOs have to contend with aging and legacy infrastructure, with 93% saying that the demand for GenAI solutions is also driving a review of their organizations’ network, edge and cloud architecture.

The emergence of agentic AI

At the same time, the technology itself keeps evolving. Agentic AI is now the next major frontier of innovation, facilitating complex decision-making and troubleshooting across organizational domains, including cybersecurity.

It has far surpassed traditional rule-based automation in its ability to autonomously detect, analyze and respond to threats in real time, and with intent and context awareness. It can adapt dynamically to shifting attack tactics while orchestrating multiple tools and workflows for faster threat triage and remediation.

However, agentic AI will only add this level of value if it is guided by well-defined data governance and data protection and privacy policies.

Our guide provides practical guidance for CISOs on how to include all of these factors in their decision-making to ensure AI has a positive impact on their organizations.

Make cybersecurity a strategic advantage

It’s clear that an AI-led, platform-driven approach to cybersecurity is now the best way to protect your data and other digital assets, and the fastest way to access the expertise you need is to collaborate with an expert partner.

Let us help you evaluate your organization’s current cybersecurity strategy and guide you toward becoming a secure, prosperous and sustainable AI-driven business.

• ALSO READ → The AI responsibility crisis: Why executive leadership must act now

* Gartner, 2025 CIO Agenda: Global Insights and Data
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.