C-Suite’s Rush to AI Blinds Leadership to Critical Security Failures, Leaving Organisations Exposed

New Delhi, India, 7th oct 2025: ,tificial intelligence, a growing disconnect between innovation and cybersecurity is placing enterprises at heightened risk. According to Tenable’s State of Cloud and AI Security 2025 report, this imbalance—fueled by outdated assumptions and reactive metrics—is exposing critical vulnerabilities and undermining executive decision-making.

Liat_Hayun_Tenable

Commissioned by Tenable in collaboration with the Cloud Security Alliance, the study surveyed over 1,000 IT and security professionals worldwide, including participants from India.

 Key Findings:

  • 2.17 cloud-related breaches were reported per organization over the past 18 months.

  • Yet, only 8% of those incidents were classified as “severe,” indicating potential underreporting or minimization of risks.

  • Top breach causes include misconfigured cloud services (33%) and excessive user permissions (31%)—both preventable with proactive security measures.

  • 55% of organizations are using AI in active business operations, but 34% have already experienced AI-related breaches.

 Reactive Mindset Undermining Security

The report highlights that most organizations remain trapped in a “rearview mirror” approach to cybersecurity. Instead of focusing on proactive risk reduction, security teams measure past incidents as their key performance indicators (KPIs). The most commonly tracked KPI—frequency and severity of security incidents (43%)—offers little value in threat prevention.

“Leaders are understandably excited about the promise of AI,” said Liat Hayun, VP of Product and Research at Tenable. “But they’re applying 21st-century technology to a 20th-century security mindset. They’re measuring the wrong things and worrying about futuristic AI threats while ignoring the foundational weaknesses attackers are exploiting today. This isn’t a technology problem—it’s a leadership and strategy issue.”

AI Adoption Outpaces Security Preparedness

While attention is increasingly drawn to theoretical, AI-native threats like model manipulation, actual breaches are being caused by basic security failures:

  • Exploited software vulnerabilities (21%)

  • Insider threats (18%)

  • Misconfigured AI tools and settings (16%)

This gap between perceived and actual threats suggests that leadership may be misaligned in setting priorities.

 Complexity, Assumptions, and the Need for a Strategic Reset

In today’s hybrid, multi-cloud environments where 82% of organizations use a hybrid model and 63% operate across multiple cloud platforms executives often overestimate the security offered by cloud providers.
Key challenges include:

  • Lack of visibility (28%)

  • Overwhelming complexity (27%)

Yet, strategic solutions are underutilized:

  • Only 20% of organizations prioritize unified risk assessments

  • Just 13% focus on tool consolidation to reduce complexity

The Leadership Imperative

The report concludes that true security resilience requires a strategic reset at the leadership level. Until decision-makers shift from reactive operations to risk-aligned, proactive strategies, even the most capable security teams will remain hamstrung unable to scale or adapt to evolving threats.