As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy and necessary technical capabilities.
Generative AI spend vs. security spend (Source: Accenture)
The urgency of embedding cybersecurity by design
The report reveals AI adoption has accelerated the speed, scale and sophistication of cyber threats, far outpacing current enterprise cyber defenses. For example, 77% of organizations lack the essential data and AI security practices needed to protect critical business models, data pipelines and cloud infrastructure.
“Rising geopolitical tensions, economic volatility and increasingly complex operational environments, coupled with AI-augmented attacks, are leaving organizations more vulnerable to cyber risks. This report serves as a wake-up call that cybersecurity can no longer be an afterthought. It must be embedded by design into every AI-driven initiative,” said Paolo Dal Cin, global lead, Accenture Security. “Taking this proactive approach will help ensure a competitive edge, strengthen customer loyalty and turn cybersecurity into a business enabler.”
AI cyber defenses
Despite the growth of AI enterprise adoption, only 22% of organizations have implemented policies and training for GenAI use. Furthermore, very few maintain a comprehensive inventory of AI systems, which is crucial for managing supply chain risks. Additionally, data protection remains inadequate, with only 25% of organizations fully leveraging encryption methods and access controls to protect sensitive information.
“The advancement of GenAI represents a profound paradigm shift in cybersecurity, bringing unique challenges and opportunities. By designing AI systems with security at their core and continuously monitoring and updating them, organizations can stay ahead of the most critical threats,” said Daniel Kendzior, global Data and AI Security Lead at Accenture. “Business resilience requires readiness to quickly response to disruptive forces and confidence in your organization’s ability to act effectively.”
The research also reveals widespread cybersecurity immaturity across regions, highlighting a gap between ambition and readiness. Only 14% of North American and 11% of European organizations have mature postures. In Latin America, 77% lack basic strategies and capabilities, while 71% of Asia-Pacific organizations remain in the “Exposed Zone,” facing serious operational and financial risk.
The cybersecurity maturity zones
The research identifies three distinct security maturity zones based on an organization’s cybersecurity strategy and technical capabilities. The top group, which Accenture calls the “Reinvention Ready Zone” comprising only 10% of organizations, have an adaptive resilient security posture that continuously evolves to counter emerging threats.
The middle 27% in the “Progressing Zone” show strength but struggle with defining strategic direction or implementing defenses.
The most at-risk group, in the “Exposed Zone,” makes up 63% of organizations characterized by limited cyber readiness and a reactive posture to threats. These conditions are exacerbated by complex AI environment and global risk factors.
Reinvention Ready companies, however, are 69% less likely to face advanced attacks and are 1.5 times more effective at blocking them. They also have 1.3 times greater visibility across IT and OT environments, have reduced technical debt by 8% and see a 15% boost in customer trust, demonstrating how stronger cybersecurity practices drive both resilience and business value.
Actions to become reinvention ready
Four critical actions necessary to reach the “Reinvention Ready Zone” are:
- Develop and deploy a fit-for-purpose security governance framework and operating model accounting for the realities of an AI-disrupted world to establish accountability and align AI security with regulatory and business objectives.
- Design a digital core to be GenAI secure from the outset by embedding security into AI development, deployment and operational processes.
- Maintain resilient AI systems with secure foundations that proactively address emerging threats, enhance detection capabilities, enable AI-model testing and improve response mechanisms.
- Reinvent cybersecurity with GenAI by leveraging it to automate security processes, strengthen cyber defenses and detect threats sooner.
