An international study by NTT Data of more than 2,300 decision-makers shows: The introduction of generative artificial intelligence (GenAI) is not viewed uniformly by company management. Although CEOs are driving the technology forward with vigor - 67% of them are planning significant investments over the next two years - almost half of Chief Information Security Officers (CISOs) are critical of this course.

The biggest concerns of those responsible for security relate to unclear responsibilities and a lack of guidelines when using GenAI. While only 20% of CEOs see this as a problem, 54% of CISOs report a lack of internal responsibility structure. In addition, only 38% have coordinated strategies for GenAI and cyber security.

Despite concerns: security chiefs recognize the potential of GenAI

Despite this reluctance, many CISOs recognize the potential benefits: 81% of those with a critical stance confirm that GenAI enables efficiency gains and positive business effects. At the same time, 88% see outdated infrastructures as a key obstacle to the use of the technology. Only a quarter of respondents state that their company has a solid framework for managing AI risks.

Lack of skills slows down GenAI implementation in companies

The study emphasizes the importance of involving those responsible for cybersecurity at an early stage. "As organizations accelerate the adoption of GenAI, cybersecurity must be integrated from the outset to strengthen resilience. CEOs are driving innovation - but only a close integration of cybersecurity and corporate strategy can help to effectively manage new risks," says Sheetal Mehta, Senior Vice President and Global Head of Cybersecurity at NTT Data.

Cooperation between C-level and IT security as a success factor

Christian Koch, Senior Vice President of Cybersecurity, Innovations & Business Development at NTT Data DACH. © NTT Data DACH.

Clear governance, modern IT architectures and close cooperation between security officers and management are also necessary. "GenAI can only be scaled efficiently and securely if security architectures and governance structures grow accordingly. The biggest challenge here is not the technology itself, but the lack of application of standards and rules. CISOs must therefore define guard rails at an early stage in order to proactively control risks rather than postpone them. At the same time, AI projects should also be given room to breathe and room for innovation. If management, IT and security work together, GenAI can not only be used responsibly, but also with maximum added value for the company's own innovation dynamics," says Christian Koch, Senior Vice President of Cybersecurity, Innovations & Business Development at NTT Data DACH.

The full report "The AI Security Balancing Act: From Risk to Innovation" is available online.