As artificial intelligence becomes more embedded in business operations, new research suggests many cybersecurity leaders are confident in traditional security disciplines but less certain about their ability to respond to AI-enabled threats and software supply chain risk.
LevelBlue’s “Persona Spotlight: CISO” report surveyed Chief Information Security Officers (CISOs) on preparedness, governance and how security functions are integrated into broader business decision-making. Sixty per cent (60%) of respondents rated themselves as highly competent in cyber resilience, core security operations and collaboration with the wider business. In addition, 61% said their adaptive cybersecurity approach enables their organisations to take greater innovation risks.
However, confidence was lower when respondents considered emerging AI-driven threats. Just 53% said they feel prepared to defend against “AI-authorised adversaries,” while 45% expect AI-powered or deepfake attacks to affect their organisations within the next 12 months.
LevelBlue said this gap between expectations and preparedness could put pressure on boards and executives as generative AI tools become more widely available.
The research also points to ongoing internal alignment challenges. Although 52% of senior executives said they are less likely than a year ago to treat cybersecurity as a siloed function, only 45% of CISOs believe business risk appetite is effectively aligned with cybersecurity risk management.
Budget integration remains limited, with 37% reporting that cybersecurity budgets are embedded into projects from the outset.
Governance capability was identified as a key barrier, with 60% citing a lack of understanding of cyber resilience among governance teams, alongside unclear ownership structures. While 55% said cybersecurity is increasingly treated as a shared leadership responsibility with defined KPIs and metrics, only 43% described their organisation as having a truly effective cybersecurity culture.
Software supply chain exposure emerged as another area of concern. Just 31% of CISOs believe their greatest security risk could originate from the software supply chain, and 25% identified assigning confidence levels to suppliers as a priority to improve visibility into third-party risk.
“CISOs are no longer just protecting the business, they are actively letting it. Organisations that invest in cyber resilience are better positioned to scale AI, innovate faster, and pursue new opportunities. But to fully unlock that value, leaders must close critical gaps in AI security readiness, software supply chain visibility, and executive alignment,” LevelBlue chief security and trust officer Kory Daniels said.