Key Takeaways

• 76% of organizations have experienced a security incident involving AI applications or models in the past two years.
• 27% of organizations report costs exceeding $1 million from AI-related security incidents.
• As organizational cyber maturity increases, the likelihood of experiencing an incident involving AI reduces significantly, from 89% (very low maturity) to 54% (very high maturity).

NEW YORK, April 21, 2026 /PRNewswire/ — Kroll, the leading independent provider of global financial and risk advisory solutions, has released global cyber resilience research which reveals that rapid artificial intelligence (AI) adoption is dramatically outpacing governance, security controls and incident preparedness.

It has become clear that AI, and in particular agentic AI, has changed the threat model permanently. The research results indicate that while AI is becoming embedded across enterprise operations, 76% of businesses have experienced a security incident involving AI applications or models in the past two years. The research reveals organizations lack the foundational security practices and governance frameworks necessary to deploy AI safely and effectively, costing almost one-third of organizations (27%) over one million dollars related to AI-related security incidents.

While there is appetite to incorporate the promise of AI into security infrastructure, 90% of respondents surveyed identified barriers preventing greater investment in AI security. Lack of clear ROI, insufficient executive understanding of AI risks and the belief that current measures are sufficient account for 40% of those barriers.

The Innovation-Security Trade-Off

The research shows that most organizations are inadequately prepared for AI threats, despite the rapid increase in attacks.

• Organizations spend an average of 13% of their AI initiative budget on using AI to test security controls or to test the models themselves, leaving critical gaps in AI security posture and illuminating a disconnect between AI adoption and AI security investment.
• Companies with highly mature security practices are six times more likely to spend over 20% of their AI budget on testing security controls.
• Almost half (48%) of respondents stated they have little to no organizational governance on AI tool and service adoption, creating an expanded attack surface that extends far beyond the organization’s traditional perimeter.

Dave Burg, Global Group Head of Cyber and Data Resilience at Kroll, says, “Organizations are under pressure to embrace AI to respond faster and with greater precision to increasingly complex threats. However, this cannot come at the expense of the basics for prevention, detection and responding to attacks. We’re seeing businesses enthusiastically integrate AI into their operations without getting the fundamentals right first, and that’s creating a dangerous security debt.

The real story isn’t that AI is risky; it’s that without the right foundational security in place, AI amplifies existing security weaknesses. Fortunately, there are opportunities for organizations to remediate this. Kroll was recently among industry leaders joining CrowdStrike’s Charlotte AI AgentWorks Ecosystem which helps operationalize AI within managed detection and response, building tailored agents that accelerate investigations and response.”

Maturity Matters: Organizations with Strong Foundations Experience Significantly Fewer AI Incidents

As organizational cyber maturity increases, the likelihood of experiencing an AI-related security incident drops significantly:

• 89% of organizations with very low cyber maturity experience AI-related security incidents.
• In contrast, 54% of organizations with very high cyber maturity experience AI-related security incidents.
• Even further, 46% of organizations with very high cyber maturity reported zero AI-related cyber incidents in the past two years, demonstrating that robust security foundations directly translate to AI security resilience.
• This is understandable as 69% of organizations with very high cyber maturity have a centralized AI platform strategy with security controls, compared to just 39% of those with very low cyber maturity.

Quiessence Philips, Head of Security Architecture and Engineering at Kroll, says, “AI’s ability to accelerate productivity and innovation is undeniable, and the goal is not to slow it down. However, adoption without concurrent investment in security foundations is not bold, it’s reckless. The agentic AI ecosystem is now the fastest-growing enterprise attack surface, and the organizations most at risk are the ones chasing the opportunity without building security alongside it. Secure architecture, identity management, incident response, security culture – these aren’t limitations on innovation, but what make innovation sustainable.”

You can access the full report on the Kroll website.

You can also register for the webinar discussing these results in-depth here.

About the Research

Kroll commissioned independent research firm Sapio Research to conduct a comprehensive study into cybersecurity resilience and risk alignment in enterprise organizations. The research surveyed 1,000 cybersecurity decision-makers at companies with annual revenues from $50 million to more than $5 billion across 10 countries: the United Kingdom, Ireland, Germany, Switzerland, the United States, Japan, Singapore, Australia, the United Arab Emirates and Saudi Arabia. The survey was conducted in November and December 2025.

About Kroll

As the leading independent provider of financial and risk advisory solutions, Kroll leverages our unique insights, data and technology to help clients stay ahead of complex valuation demands. Kroll’s team of more than 6,500 professionals worldwide continues the firm’s nearly 100-year history of trusted expertise spanning risk, governance, transactions and valuation. Our advanced solutions and intelligence provide clients the foresight they need to create an enduring competitive advantage. At Kroll, our values define who we are and how we partner with clients and communities. Learn more at kroll.com.

View original content to download multimedia:https://www.prnewswire.com/news-releases/ai-innovation-surges-as-security-fundamentals-lag-kroll-research-finds-302747672.html

SOURCE Kroll