London, United Kingdom, June 17th, 2026, CyberNewswire
Recent research conducted by Homeland, a leading cybersecurity firm, reveals a significant disparity between executive confidence and frontline realities regarding artificial intelligence (AI) risk management in organizations. The findings highlight that while 29% of US executives feel that AI risks are well-controlled, a stark contrast is evident among the practitioners who manage these systems daily, with only 7% expressing similar confidence. This trend is mirrored in the UK, where 18% of executives report a sense of control over AI risks, compared to just 11% of mid-level practitioners.
The report, titled The State of AI Risk Management in 2026, surveyed 1,000 IT professionals across both the United Kingdom and the United States. What emerged from the study is not merely a representation of statistics, but rather a narrative that underscores a worrying disconnect within organizations themselves. As it stands, those who are entrenched in the day-to-day operations of AI systems are significantly less optimistic about the risks compared to their higher-ranking colleagues.
AI technologies have penetrated the IT landscape extensively, with many teams utilizing multiple AI tools simultaneously. However, the report indicates that existing security controls have not kept pace with this rapid adoption. The adoption of AI across both nations outstrips the implementation of security measures by nearly two to one. This astonishing vacuum of security preparedness prompts more questions than solutions, particularly considering the increasing complexity and potential vulnerabilities presented by AI.
A notable pattern identified in the research highlights an intriguing paradox: teams that are most aware of their AI usage often express the greatest concerns over its risks. This visibility, rather than being a cure-all, has become more of a diagnosable issue—highlighting the challenges organizations face in ensuring that their AI tools do not inadvertently breach security protocols.
An incident that underscores these concerns occurred in January 2026, when the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) in the United States mistakenly uploaded sensitive documents labeled "For Official Use Only" to the public version of ChatGPT in mid-2025. Although the agency’s monitoring systems flagged this troubling behavior within a week, regulations had failed to prevent the incident in the first place.
Key Findings from the Research:
-
Executive Confidence vs. Practitioners’ Reality: In both the US and UK, a glaring gap exists between the confidence levels of executives and frontline practitioners regarding AI risk management. This disparity raises alarms about a prevailing sense of overconfidence.
-
Widespread AI Adoption: Approximately 72% of IT environments in the UK and 69% in the US are already utilizing AI tools like ChatGPT, with Microsoft Copilot being implemented in 68% of UK and 59% of US environments.
-
Security Readiness Lags: Only about 40% of teams believe their security infrastructure is adequately prepared to handle AI-related risks, revealing a significant gap in readiness amid growing dependencies.
-
Concerns Linked to Visibility: Among teams with comprehensive insights into their AI usage, 56% of UK respondents cited data leakage as a major concern, a figure that rises to 59% in similar US teams.
-
Operational Demand on Teams: Nearly three-quarters of IT and security teams report losing at least a quarter of their working time to repetitive, low-value tasks, with one-third indicating that more than half of their week is consumed by such duties.
- Optimism Amid Overload: Interestingly, the most burdened teams remain hopeful, with 59% of typically overburdened teams in the US and 55% in the UK expecting AI to alleviate their workload.
According to Adam Pilton, a Cybersecurity Advisor at Heimdal, “Misplaced confidence is one of the most dangerous elements in security. This data illustrates that executives hold a far more optimistic view of AI risks than is warranted by the realities on the ground. While discussions tend to focus on productivity enhancements, the pressing inquiry should revolve around how AI might potentially be weaponized against the very organizations looking to implement it. This report exposes the gap between perceived security and actual vulnerability.”
Adding to this discourse, independent security expert Rafay Baloch, CEO and Founder of REDSECLABS, expressed concerns about the blind spots that AI might create. He noted that without stringent oversight, the use of AI tools could lead to exposing sensitive information, intellectual property, and business data. Baloch emphasized that simply possessing an AI policy does not guarantee an organization’s preparedness; rather, true preparedness stems from a clear vision and structured guidelines.
The report urges organizations to integrate AI into their fundamental IT framework, advocating for the same level of scrutiny applied to AI services as to any other key supplier. This recommendation encompasses contract reviews, inventory assessments of AI tools, and established technical controls around access and data operation.
For those seeking deeper insights, the comprehensive report can be accessed at Heimdal Security’s dedicated page.
About the Research
The State of AI Risk Management in 2026 is based on a robust survey of 1,000 IT professionals (500 from the UK and 500 from the US) conducted via Pollfish within the first week of May 2026. This research encompasses six seniority tiers, from entry-level positions to C-suite executives.
About Heimdal
Heimdal is a global cybersecurity provider that presents a unified security and compliance platform aiming to safeguard endpoint, identity, email, network, and access security. With over 17,000 clients spanning more than 40 countries, Heimdal offers more than twelve integrated products designed to prevent threats, detect breaches, and automate responses.
Contact Information
For further inquiries, please get in touch with:
Danny Mitchell
Head of Content
Heimdal
[Email Contact](mailto:[email protected])