The changing role of the CISO in the age of AI

Introduction from Paul Savill, Global Practice Leader, Cyber Resilience & Connectivity

CISOs face increasing demands that go beyond being security gatekeepers. They now influence AI strategy and investments, and help executive boards balance risk and reward. CISOs are no longer just protectors of the enterprise — they are enablers of growth.

We spoke with 200+ CISOs across the globe to understand how they are meeting the moment. Their remarks and related insights from Kyndryl's resiliency experts shape the report: “CISO priorities in the AI Era: Balancing Security and Innovation for a Resilient, AI-native Enterprise.”

Get the report

The report explores three key themes

01

Risk and compliance have become strategic business levers

CISOs must translate cyber and AI risk into financial, operational and strategic impact to give boards clarity on how risk affects profitability, resilience and growth.

What’s driving this shift:

  • AI expands the attack surface and introduces new dimensions of risk
  • Boards demand business-aligned risk narratives 
  • Governance must evolve to match AI-driven complexity 

02

Identity and access management must evolve for nonhuman entities

Identity is now the enterprise’s primary control plane.  Enterprises must govern AI agents, and their access to APIs and workloads, as if they were digital employees.

What’s driving this shift:

  • Explosion of machine identities
  • AI agents making autonomous authorization decisions
  • Opaque risks tied to model choice, data provenance and tool access

03

Vendor ecosystems require measurable, continuous oversight

The boundaries between enterprises and vendors are dissolving — and regulators expect proof of active oversight, not trust-based assurances.

What’s driving this shift:

  • AI-embedded vendor tools introduce hidden risks
  • Small vendors often lack enterprise-grade controls
  • Annual questionnaires are no longer sufficient
Black woman working in office and futuristic graphical user interface concept.

How do we use AI to be more productive while being safe? I'm not looking to block it or prevent it. Instead, I'm looking to use it and see how we can do that most efficiently and effectively without the security implications.

CISO for a global enterprise

Learn more about redefining security for the agentic AI era

Join the CISO Expert Exchange community
Read “Redefining Security for the Agentic AI Era”
Download “2025 Kyndryl Readiness Report: Security and Networks Snapshot”

To learn more about how Kyndryl can help you navigate cyber risk with confidence, please visit our security solutions website

Learn more