AI Is Reshaping Cyber Risk. Boards Need to Manage the Threat.

Source: Harvard Business Review

Author: Hise O. Gibson

URL: https://hbr.org/2026/04/ai-is-reshaping-cyber-risk-boards-need-to-manage-the-threat

ONE SENTENCE SUMMARY:

AI-driven cyber threats create a BANI world; leaders must adopt ACTS to build resilience, governance, fluency, and breach readiness.

MAIN POINTS:

1. Average AI-enabled breach costs $4.88M, excluding reputational, regulatory, and cascading operational impacts.
2. Deepfakes can rapidly destabilize markets, geopolitics, and public trust before verification catches up.
3. Zelensky surrender deepfake illustrates AI misinformation is already operational, not hypothetical.
4. Cheaper, accessible generation tools increase speed, scale, and believability of adversarial content.
5. Public-facing application attacks rose 44% year-over-year, increasingly exploiting AI-enabled vulnerabilities.
6. Adaptive attacks can autonomously probe defenses, evolve tactics, and exploit weaknesses in real time.
7. Accenture reports 77% of organizations lack basic data and AI security practices.
8. VUCA framing is outdated; BANI better reflects brittle, anxious, nonlinear, incomprehensible threat conditions.
9. NotPetya showed single points of failure can halt global operations within minutes.
10. ACTS framework urges assuming breaches, building AI fluency, operationally anchored AI, and stronger governance.

TAKEAWAYS:

1. Plan for inevitable compromise with zero trust, segmentation, backups, and crisis rehearsals.
2. Operational resilience matters: prove you can run 48 hours without digital systems.
3. Build AI literacy across leadership via training, reverse mentoring, and adaptable hiring.
4. Scale only AI initiatives tied to core operations with clear ROI and measurable outcomes.
5. Establish cross-functional AI governance with ethics, bias testing, and preassigned accountability.