Dear CIO,
A new EY report, Cyber and AI Oversight Disclosures: What Companies Shared in 2025, signals a clear shift in how corporate boards, especially within the Fortune 100, are adapting to an era shaped by artificial intelligence and cyber threats. In this newsletter, I am going to cover some of the key findings from the report.
Best Regards,
John, Your Enterprise AI Advisor

AI Is Boardroom Business
How Corporate Boards Are Adapting To AI And Cyber Threats

AI Moves to the Center of Risk Oversight
In just a year, the number of Fortune 100 companies explicitly identifying AI within their risk oversight frameworks has tripled, climbing to 48%. Forty percent have now assigned AI governance to at least one board-level committee, and over a third say AI expertise is a desired skill for directors, with many even listing it in board biographies.
This is not just optics, though. It reflects a growing awareness that AI is both a strategic differentiator and a potential liability. Whether it is unapproved use of AI tools leaking sensitive data or deepfakes undermining brand trust, AI is now as much a risk story as it is an innovation story.
Cyber Governance Is Now the Baseline
Cybersecurity remains a board-level priority. According to the report, 96% of companies assign cyber risk to at least one board committee, and 78% place it under audit’s remit. Most are aligning their programs with external standards like NIST CSF 2.0, PCI DSS, and SOC 2.
Boards are also getting more proactive by running tabletop exercises and recruiting directors with technical cybersecurity expertise. The days of “check-the-box” oversight are fading. Risk literacy is becoming table stakes.
What This Means for CIOs
The lines between AI risk and cybersecurity are blurring, and boards are catching on. For CIOs, this is the time to step up. Expect the following to be on your radar:
Defining ownership. Be clear on where board responsibility ends and management begins when it comes to AI oversight.
Integrating ethics and risk. Build AI governance into your broader risk management frameworks, including model transparency, usage monitoring, and ethical guardrails.
Staying aligned. Keep pace with evolving global cybersecurity standards and ensure your AI infrastructure does not lag behind.
Bottom Line
The boardroom is no longer passively observing technology strategy. It is actively demanding transparency, discipline, and accountability. For CIOs, this is an opportunity to lead not just the tech, but also the governance maturity that must come with it. Now is the time to close the gap between digital ambition and operational accountability, because the future of AI in the enterprise depends on it.
Source: EY, Cyber and AI Oversight Disclosures in 2025


Grant Gross dives into a recent survey citing regulatory fragmentation as a top concern.
Ravie Lakshmanan reports on findings uncovering a sophisticated AWS breach involving a Jenkins vulnerability, a malicious Docker image, and a new Golang rootkit LinkPro deployed via Kubernetes.
Alessandro Mascellino highlights a report showing AI’s dual role in cybersecurity as Microsoft flagged a surge in automated threats, real-time adaptive malware, and credential-based attacks.
Phil Muncaster covers a report exposing widespread financial losses from AI misuse as UK firms struggled with governance, misidentified risk controls, and lacked policies for AI systems.
Jen Easterly criticizes systemic reliance on insecure legacy code as the root of U.S. cyber vulnerabilities and urges AI-driven reform.
Jonathan Greig looks at CISA’s warning after a nation-state actor accessed F5 source code and undisclosed vulnerabilities.
Emma Woollacott writes about a report showing that a majority of employees have used unapproved AI tools at work.
Last but not least, I will be giving a talk at the DevOps for GenAI Hackathon on November 3rd in Toronto.
The Artificially Intelligent Enterprise discusses the AI Bubble.
AI Tangle covers OpenAI’s five-year plan to surge to $1 trillion in revenue, Google’s upgraded Veo 3.1 model, and the release of Anthropic’s Claude Haiku 4.5.

Dear CIO is part of the AIE Network, a network of over 250,000 business professionals who are learning and thriving with Generative AI. Our network extends beyond the AI CIO to The Artificially Intelligent Enterprise for AI and business strategy, AI Tangle for a twice-a-week update on AI news, The AI Marketing Advantage, and The AIOS for busy professionals who are looking to learn how AI works.