There is a significant misalignment within the C-Suite over the adoption of Generative AI (GenAI), with nearly half of Chief Information Security Officers (CISOs) voicing concerns despite almost-unanimous enthusiasm from Chief Executive Officers (CEOs), revealed a global report from NTT DATA.

Titled ‘The AI Security Balancing Act: From Risk to Innovation,’ the report studied responses from more than 2,300 senior GenAI decision-makers, comprising 1,500 C-Suite leaders, across 34 countries. It highlights a troubling gap between strategic ambition and operational readiness, with CEOs pushing for GenAI acceleration while security leaders warn that outdated infrastructure and unclear policies could stall progress and up risk.

Top brass committed to GenAI, but are teams ready?

A staggering 99% of C-suite executives plan to increase GenAI investment over the next two years, and 67% of CEOs expect to make significant commitments. CIOs and CTOs are similarly upbeat: about 95% are of the view that GenAI would drive greater cybersecurity investment, with security improvements ranked among the top three benefits realised in the last year.

Yet beneath this optimism lies a stark reality – about 45% of CISOs hold negative views about GenAI adoption, citing a lack of clear internal guidelines and weak alignment with cybersecurity frameworks. While only 20% of CEOs express concern over unclear GenAI policies, at least 54% of CISOs highlight it as a major issue – indicating a sharp disconnect in perception at the highest levels of leadership.

Security leaders: Acknowledging value but raising concerns

Despite their reservations, CISOs still see GenAI’s business upside. At least 81% of security leaders with negative views agree that the technology can boost operational efficiency and financial performance.

However, confidence in readiness is low. More than 65% of CISOs admit their teams lack the necessary skills to manage GenAI securely. And only 38% say their GenAI strategies align with cybersecurity goals, compared to over 50% of CEOs who believe they are already aligned. While senior IT leaders understand the potential, they are being outpaced by executive ambition and hampered by systemic roadblocks, the report suggested.

Despite the clear issues with cybersecurity, CISOs and compliance leaders still struggle to convey the need for governance. Without alignment, even well-intentioned deployments are exposed to avoidable risks, said Craig Robinson, VP of Security Services at IDC, emphasising the communication gap between risk and business teams.

“As organisations accelerate GenAI adoption, cybersecurity must be embedded from the outset to reinforce resilience,” said Sheetal Mehta, SVP & global head of cybersecurity, NTT DATA. “A secure and scalable approach to GenAI requires proactive alignment, modern infrastructure, and trusted co-innovation.”

Policy voids and legacy infrastructure

Shockingly, more than 70% of organisations still have no formal GenAI usage policy in place. Only 24% of CISOs strongly believe their company has a robust framework to balance AI innovation with risk mitigation.

These data suggest that governance is lagging behind innovation. Without clearly defined roles, responsibilities, and guardrails, many CISOs feel exposed and under-resourced to support the GenAI push, raising the stakes for boardroom alignment.

Beyond internal politics and policy issues, technical debt is also a major drag on GenAI readiness. Over 85% of CISOs cite legacy systems as a primary barrier to business agility and AI integration.

To address this, at least 64% of security leaders are prioritising co-innovation with strategic IT partners over isolated AI implementations. Their top demand when choosing GenAI vendors is end-to-end AI service offerings, highlighting a preference for integrated, secure solutions that go beyond flashy features. Modernising IoT, 5G, and edge computing capabilities is increasingly seen as essential, not optional, for GenAI’s future.

Conclusion: The GenAI hype needs a conductor

NTT DATA’s findings paint a picture of high-speed innovation without a clearly marked route. While executives, especially CEOs, are enthusiastic about GenAI’s potential to unlock value and disrupt markets, their security counterparts are sounding a cautionary note, that is, governance, infrastructure, and skill sets need to catch up.

The core issue isn't opposition to AI, but the lack of preparedness. CISOs understand GenAI’s benefits but know that enthusiasm without infrastructure is a recipe for breaches, outages, and reputational damage. For GenAI to reach its full transformative potential, companies will need more than just buy-in, rather they will need alignment, accountability, and action across every layer of the enterprise.