New report finds only half of CISOs feel prepared to defend against AI-driven threats
Dallas, TX – February 11, 2026 – LevelBlue, the world’s largest pure-play provider of managed security services, today released its latest research report, Persona Spotlight: CISO (Chief Information Security Officer), part of the company’s ongoing research into how cybersecurity leaders are navigating an increasingly complex threat landscape while enabling sustainable business growth. The report builds on insights from LevelBlue’s 2025 Futures Report: Cyber Resilience and Business Impact and finds that while high-profile attacks have put cybersecurity top of mind for businesses, CISOs must become more comfortable with emerging areas of security to defend against new and evolving threats.
Are CISOs prepared to defend against today’s cyber threats?
Nearly two-thirds (60%) of CISOs say they are highly competent in cyber resilience, core security operations, and collaboration with the broader business – underscoring how the role has evolved beyond traditional defense. In fact, 61% report that their adaptive cybersecurity approach enables the business to take greater risks in innovation.
However, confidence drops sharply when it comes to AI-driven threats. Only 53% of CISOs say they feel prepared to defend against AI-enabled adversaries, even though 45% expect AI-powered or deepfake attacks to impact their organizations within the next 12 months.
Is cybersecurity seen as a shared responsibility?
Encouragingly, cybersecurity is no longer seen as an isolated function. More than half (52%) of senior executives are less likely than they were a year ago to treat cybersecurity as a silo, signaling growing recognition of enterprise-wide responsibility.
Still, internal alignment remains a major challenge:
-
Only 45% of CISOs believe business risk appetite is effectively aligned with cybersecurity risk management
-
Just 37% say cybersecurity budgets are embedded into projects from the start
-
Nearly two-thirds (60%) cite governance teams’ lack of understanding of cyber resilience as a key barrier to progress, along with unclear ownership
How are CISOs pushing cybersecurity deeper into the business?
To overcome these challenges, CISOs are pushing cybersecurity deeper into the business and seeing early results. More than half (55%) say cybersecurity is increasingly treated as a shared leadership responsibility, with defined KPIs and metrics. Meanwhile, 57% report effective communication between security teams and the wider organization.
Even so, only 43% say their organization has a truly effective cybersecurity culture, underscoring the need for continued investment in education, governance, and accountability.
What is a top blind spot for CISOs?
Despite heightened regulatory scrutiny and a growing number of supply chain–based attacks, the report reveals a troubling disconnect:
-
Only 31% of CISOs believe their greatest security risk could originate from the software supply chain
-
Just 25% say assigning confidence levels to suppliers is a priority for improving supply chain visibility
This lack of visibility leaves organizations vulnerable to cascading risks beyond their direct control.
“Security leaders and CISOs are no longer just protecting the business — they are actively enabling it,” said Kory Daniels, Chief Security & Trust Officer at LevelBlue. “It is difficult to have meaningful conversations about client trust and supply chain trust without investing in the people, processes, and technologies that underpin a strong security program. Organizations that invest in cyber resilience are better positioned to earn and sustain consumer trust while embracing AI and other emerging technologies. To take that next step, business leaders must close critical gaps in AI security readiness, software supply chain visibility, and executive alignment.”
How can CISOs improve cyber resilience?
Based on the findings, LevelBlue recommends that organizations:
-
Strengthen executive alignment to connect cyber resilience strategy with measurable business value
-
Deepen business–security collaboration to identify integration gaps and accelerate progress
-
Leverage external expertise to build momentum and address specialized challenges
-
Prioritize software supply chain risk by identifying urgent exposures and driving focused improvements
To download the full report, visit our website. For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit www.levelblue.com.
About LevelBlue
LevelBlue reduces risk and builds lasting resilience so organizations can innovate and advance their mission with confidence. As the world’s most analyst-recognized and largest pure-play managed security services provider, LevelBlue elevates client outcomes that matter: stronger defense, faster response, and sustained business continuity. LevelBlue combines AI-powered security operations, advanced threat intelligence, and elite human expertise to provide the most comprehensive portfolio of strategic advisory, managed security, offensive security, and incident response services. Learn more at levelblue.com.
