AI Innovation Surges as Security Fundamentals Lag, Kroll Research Finds

  • 76% of organizations have experienced a security incident involving AI applications or models in the past two years.

  • 27% of organizations report costs exceeding $1 million from AI-related security incidents.

  • As organizational cyber maturity increases, the likelihood of experiencing an incident involving AI reduces significantly, from 89% (very low maturity) to 54% (very high maturity).

Kroll, the leading independent provider of global financial and risk advisory solutions, has released global cyber resilience research which reveals that rapid artificial intelligence (AI) adoption is dramatically outpacing governance, security controls and incident preparedness.

It has become clear that AI, and in particular agentic AI, has changed the threat model permanently. The research results indicate that while AI is becoming embedded across enterprise operations, 76% of businesses have experienced a security incident involving AI applications or models in the past two years. The research reveals that organizations lack the foundational security practices and governance frameworks necessary to deploy AI safely and effectively, with AI-related security incidents costing almost one-third of organizations (27%) over one million dollars.

While there is appetite to incorporate the promise of AI into security infrastructure, 90% of respondents surveyed identified barriers preventing greater investment in AI security. Lack of clear ROI, insufficient executive understanding of AI risks and the belief that current measures are sufficient account for 40% of those barriers.

The Innovation-Security Trade-Off

The research shows that most organizations are inadequately prepared for AI threats, despite the rapid increase in attacks.

  • Organizations spend an average of 13% of their AI initiative budget on using AI to test security controls or to test the models themselves, leaving critical gaps in AI security posture and illuminating a disconnect between AI adoption and AI security investment.
  • Companies with highly mature security practices are six times more likely to spend over 20% of their AI budget on testing security controls.
  • Almost half (48%) of respondents stated they have little to no organizational governance on AI tool and service adoption, creating an expanded attack surface that extends far beyond the organization’s traditional perimeter.

Dave Burg, Global Group Head of Cyber and Data Resilience at Kroll, says, “Organizations are under pressure to embrace AI to respond faster and with greater precision to increasingly complex threats. However, this cannot come at the expense of the basics for prevention, detection and responding to attacks. We’re seeing businesses enthusiastically integrate AI into their operations without getting the fundamentals right first, and that’s creating a dangerous security debt.

“The real story isn’t that AI is risky; it’s that without the right foundational security in place, AI amplifies existing security weaknesses. Fortunately, there are opportunities for organizations to remediate this. Kroll was recently among industry leaders joining CrowdStrike’s Charlotte AI AgentWorks Ecosystem which helps operationalize AI within managed detection and response, building tailored agents that accelerate investigations and response.”

Maturity Matters: Organizations with Strong Foundations Experience Significantly Fewer AI Incidents

As organizational cyber maturity increases, the likelihood of experiencing an AI-related security incident drops significantly:

  • 89% of organizations with very low cyber maturity experience AI-related security incidents.
  • In contrast, 54% of organizations with very high cyber maturity experience AI-related security incidents.
  • Even further, 46% of organizations with very high cyber maturity reported zero AI-related cyber incidents in the past two years, demonstrating that robust security foundations directly translate to AI security resilience.
  • This is understandable as 69% of organizations with very high cyber maturity have a centralized AI platform strategy with security controls, compared to just 39% of those with very low cyber maturity.

Quiessence Philips, Head of Security Architecture and Engineering at Kroll, says, “AI’s ability to accelerate productivity and innovation is undeniable, and the goal is not to slow it down. However, adoption without concurrent investment in security foundations is not bold, it’s reckless. The agentic AI ecosystem is now the fastest-growing enterprise attack surface, and the organizations most at risk are the ones chasing the opportunity without building security alongside it. Secure architecture, identity management, incident response, security culture – these aren’t limitations on innovation, but what make innovation sustainable.”
