New report finds just 20% of CIOs feel highly effective at defending against AI-enabled adversaries.
Dallas, TX – February 25, 2026 – LevelBlue, the world’s largest pure-play provider of managed security services, today released Persona Spotlight: CIO (Chief Information Officer), the latest report in its ongoing research examining how technology leaders are navigating cyber resilience in an era of rapid digital transformation.
Building on insights from LevelBlue’s 2025 Futures Report: Cyber Resilience and Business Impact, the findings highlight tension for today’s CIOs: AI is fueling innovation and operational efficiency, yet it is simultaneously expanding the threat landscape. While CIOs are moving aggressively to modernize security capabilities, many acknowledge their defenses are still catching up to adversaries leveraging AI.
CIOs overwhelmingly view AI as central to competitive advantage, with 71% stating their adaptive cybersecurity approach enables the organization to take greater risks in innovation.
However, confidence drops when confronting AI-enabled cyber attacks. Only one in five CIOs says they are highly effective at defending against adversaries using AI techniques. The same proportion says they are highly effective at implementing and using AI to enhance cybersecurity.
Concern is rising quickly, as:
51% believe AI-powered attacks are likely within the next 12 months
Only one-third say their organization is prepared to manage that threat
72% say AI-driven security tools will be essential to improving detection and response
This imbalance signals that while investment is accelerating, capability maturity has not yet reached the level of anticipated threat exposure.
Unlike traditional security silos, CIOs are increasingly embedding cyber resilience into enterprise transformation initiatives. Nearly half (49%) plan to prioritize integrating cybersecurity across lines of business and projects in the next 12 months, significantly higher than the cross-leadership average. Additionally, 39% intend to increase boardroom engagement in cyber resilience discussions.
Media reports of high-profile breaches are helping generate momentum, with 73% stating publicized attacks have elevated cybersecurity discussions at the executive level, creating new opportunities for CIOs to influence strategy and funding.
Yet friction remains:
47% say executive leadership not prioritizing cyber resilience is a barrier to improvement
Fewer than half report KPIs effectively linking cybersecurity to business outcomes
49% do not believe business risk appetite is aligned with cybersecurity risk management
Only 31% say M&A cybersecurity due diligence is highly effective
The path forward requires converting heightened awareness into sustained operational discipline.
CIOs are committing moderate to significant investments across both foundational and AI-driven security capabilities. Notably, 80% are strengthening cyber resilience processes across the business, while 78% are prioritizing application security to address expanding attack surfaces. AI is central to these strategies, with 76% investing in machine learning for pattern matching to improve threat detection and 70% deploying generative AI to counter more sophisticated social engineering attacks.
At the same time, CIOs are preparing for more complex and high-impact incidents. Over the next two years, 47% plan to work with incident response specialists, compared with 23% who have done so in the past 12 months. Similarly, 36% plan to work with threat intelligence providers, up from 26% in the past year.
Software supply chain risk is a major concern for CIOs. More than half (56%) believe software supply chain attacks are imminent, yet just 22% say they have a highly effective view of the software supply chain.
In response, 70% are making moderate to significant investments in enhanced software supply chain security. Encouragingly, only 25% say AI has introduced additional risk to the software supply chain since adoption, suggesting confidence in its long-term potential to improve resilience.
Based on the findings, LevelBlue recommends that organizations:
Educate executive leadership on the risks and opportunities of AI in cyber resilience
Strengthen top-down alignment to embed cybersecurity across all business functions
Leverage external expertise to prepare for emerging threats
Improve visibility and due diligence across the software supply chain
“CIOs sit at the intersection of innovation and risk,” said Kory Daniels, Chief Security & Trust Officer at LevelBlue. “AI presents enormous opportunities to drive efficiency and growth, but it also increases adversary sophistication. Organizations that modernize security operations, strengthen supply chain transparency, and align executive priorities will be better positioned to lead confidently in an AI-driven economy.”
To download the full report, click here. For more information on LevelBlue, please visit www.levelblue.com.
LevelBlue reduces risk and builds lasting resilience so organizations can innovate and advance their mission with confidence. As the world’s most analyst-recognized and largest pure-play managed security services provider, LevelBlue elevates client outcomes that matter: stronger defense, faster response, and sustained business continuity. LevelBlue combines AI-powered security operations, advanced threat intelligence, and elite human expertise to provide the most comprehensive portfolio of strategic advisory, managed security, offensive security, and incident response services. Learn more at levelblue.com.