Preparedness paradox: understanding AI risk and reward in the cyber ecosystem

Among the dominant themes at the upcoming World Economic Forum Annual Meeting will be the disruptive impact that AI will bring to all aspects of business, society and the global economy. Few signals of accelerated growth are as striking as speculation about bubbles – and their inevitable bursting.

Yet, the fervour surrounding AI as a transformative force for data analytics, innovation and operational efficiency is undeniable – as is the reality that AI is quickly propelling us toward an entirely new risk landscape. Indeed, it is fast becoming a business imperative for chief executives to help their companies grow their resilience in the face of new and emerging AI-enabled cybersecurity threats.

At a time of accelerated adoption and advances in generative AI, levels of confidence will naturally vary in terms of its trustworthiness, abilities and potential for bringing positive change. Against this backdrop, we are experiencing a “preparedness paradox” where AI is transforming corporate defence strategies, but it’s also exposing a growing divide between C-Suite’s strategic optimism and security pragmatism. While it is now commonplace for chief executive officers to champion AI as a catalyst for innovation and efficiency, chief information security officers (CISOs) tend to see it as a new frontier of exposure and control.

To better understand this dynamic, AXIS recently commissioned an independent poll of CEOs and CISOs. Based on interviews with 500 executives across multiple industries in the US and UK, a clear theme is already emerging. Amid curiosity and excitement are diverging levels of trust and confidence in AI, which is likely to both help and hinder the development of AI in the future. Focusing on attitudes towards AI as both a cyber-defence tool and an online threat, the research findings suggested that while executives view AI-driven attacks as the number one emerging cyber-threat to their firms, confidence in their ability to defend against the risks is mixed.

Among the headline findings from the research:

1. AI divides the C-Suite

AI is transforming corporate defence strategies, but it’s also exposing a growing divide between C-Suites’ strategic optimism and security pragmatism. For chief executives, AI is frequently looked to as a panacea, with 67.1% of CEO respondents trusting AI tools to help make cybersecurity decisions. Only 58.6% of CISOs felt the same way, however. CISOs are also less confident than CEOs that AI will strengthen their cyber defences (19.5% vs. 29.7%), revealing a wide confidence gap in how leaders perceive and prepare for AI-driven risk.

2. A transatlantic trust divide

As US executives are embracing AI as an engine of innovation and defence, their UK counterparts remain notably more wary, particularly CISOs. AI is generally viewed as an opportunity across both regions, though levels of its uptake and caution vary. Americans’ conviction in AI’s returns (93.5% amongst CEOs; 87.5% amongst CISOs) sharply contrasts with UK caution (69% amongst CEOs; 74% amongst CISOs), setting the stage for how trust drives investment, adoption and preparedness.

3. While preparedness against cyber risks is high, confidence against AI-threats is mixed

Respondents felt comfortable with their cyber-defence strategy and expressed confidence in their position relative to their peers. Yet a preparedness gap is especially pronounced in the UK, where only 44% of respondents said their organization could defend itself against AI-driven cyber threats. The data points to a pivotal moment: as AI transforms both offence and defence, leaders have a narrow window to translate confidence into competence and ensure their defences evolve as quickly as the threats.

4. Firms remain vigilant against AI-driven cyber threats

Organizations across both regions viewed AI-driven attacks as the top emerging cyber threat (25.2%) to their firms, driven by concern among US executives (29.6% overall). Were an attack to occur, respondents feared impacts from reputational damage (39.4% overall) and customer attrition (38.8% overall) the most.

These data points merely hint at the complexity beneath the surface. There is far more to explore about how organizations make decisions, and what truly drives leaders whose firms accelerate AI adoption versus those that remain cautious. Factors such as strategic priorities, cultural attitudes toward risk, and the interplay of competitive pressures and governance all play a critical role and are likely to do so in the future.

A commonality among paradoxes is that while they appear contradictory on the surface, they often contain a deeper truth: As we traverse an AI-enabled cyber-threat landscape, it will be vital for C-Suite leaders to work in concert to grow organizational resilience while unlocking the promise that AI brings.