NTT DATA research reveals C-Suite misalignment over GenAI adoption

Based on a survey of 2,300 senior GenAI decision-makers across 34 countries, NTT DATA found that while CEOs support GenAI adoption, CISOs and operational leaders face challenges due to limited guidance, unclear directives, and resource constraints

NTT DATA, a global leader in digital business and technology services, has released a new report titled “The AI Security Balancing Act: From Risk to Innovation,” shedding light on the dual nature of AI in cybersecurity—its transformative potential and associated risks. The report reveals a significant disconnect among C-suite executives regarding business objectives and the operational readiness required for generative AI (GenAI) deployment.

Based on a survey of over 2,300 senior GenAI decision-makers—including 1,500 C-suite leaders across 34 countries—the study found that while CEOs and business heads are eager to embrace GenAI, many CISOs and operational leaders are struggling with limited guidance, unclear directives, and insufficient resources to manage the security risks and infrastructure demands tied to implementation.

The C-Suite disconnect

Nearly all (99%) C-Suite executives are planning further GenAI investments over the next two years, with 67% of CEOs planning significant commitments.

In parallel, 95% of CIOs and CTOs report that GenAI has already driven, or will drive, greater cybersecurity investments, with organizations ranking improved security as one of the top three business benefits realized from GenAI deployment in the last 12 months.

Yet, even with this optimism, there is a notable disconnect between strategic ambitions and operational execution with nearly half of CISOs (45%) expressing negative sentiments toward GenAI adoption. More than half (54%) of CISOs say internal guidelines or policies on GenAI responsibility are unclear, yet only 20% of CEOs share the same concern – revealing a stark gap in executive alignment.

Despite feeling cautious about the deployment of GenAI, security teams still acknowledge its business value. In fact, 81% of senior IT security leaders with negative sentiments still agree GenAI will boost efficiency and impact the bottom-line.

Organizational operations not ready for GenAI

NTT DATA’s research further reveals a critical gap between leadership’s vision and the capabilities of their teams. While 97% of CISOs identify as decision makers on GenAI, 69% acknowledge that their teams lack the necessary skills to work with the technology.

In addition, only 38% of CISOs say their GenAI and cybersecurity strategies are aligned compared to 51% of CEOs.

Adding to the complexity, 72% of organizations surveyed still lack a formal GenAI usage policy and just 24% of CISOs strongly agree that their organization has a robust framework for balancing risk with value creation.

Legacy tech limiting GenAI adoption

Beyond internal misalignment, 88% of security leaders said legacy infrastructure is greatly affecting business agility and GenAI readiness, with modernizing IoT, 5G and edge computing identified as essential for future progress.

To navigate these obstacles, 64% of CISOs are prioritizing co-innovation with strategic IT partners rather than relying on standalone AI solutions. Notably, security leaders #1 top criteria when assessing GenAI technology partners is end-to-end GenAI service offerings.

"As organizations accelerate GenAI adoption, cybersecurity must be embedded from the outset to reinforce resilience. While CEOs champion innovation, ensuring seamless collaboration between cybersecurity and business strategy is critical to mitigating emerging risks," said Sheetal Mehta, Senior Vice President and Global Head of Cybersecurity at NTT DATA, Inc. "A secure and scalable approach to GenAI requires proactive alignment, modern infrastructure and trusted co-innovation to protect enterprises from emerging threats while unlocking AI’s full potential."

"Collaboration is highly valued by line-of-business leaders in their relationships with CISOs. However, disconnects remain, with gaps between the organization's desired risk posture and its current cybersecurity capabilities,” said Craig Robinson, Research Vice President, Security Services at IDC. “While the use of GenAI clearly provides benefits to the enterprise, CISOs and Global Risk and Compliance leaders struggle to communicate the need for proper governance and guardrails, making alignment with business leaders essential for implementation."