Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It
Cybersecurity NewsArchived Jun 17, 2026✓ Full text saved
London, United Kingdom, June 17th, 2026, CyberNewswire New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under control, against 7% of the practitioners running it day-to-day. Across 1,000 IT professionals in the UK and US, AI adoption has outpaced security controls by roughly two to one. Heimdal today published […] The post Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It appeared first on Cyber Security News .
Full text archived locally
✦ AI Summary· Claude Sonnet
HomePress Release
Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It
By Cybernewswire
June 17, 2026
London, United Kingdom, June 17th, 2026, CyberNewswire
New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under control, against 7% of the practitioners running it day-to-day. Across 1,000 IT professionals in the UK and US, AI adoption has outpaced security controls by roughly two to one.
Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States.
The report’s headline finding is a divide inside the same organizations: the closer a person sits to the day-to-day running of AI, the less confident they are that the risk is contained. In the US, 29% of C-suite and VP respondents say their organization has AI risk under control, against 7% of the mid-level practitioners managing it.
In the UK, the gap runs the same way, 18% to 11%. Both gaps are statistically significant.
AI tools are already present across most IT estates, and most teams run several at once.
The controls have not kept pace. Across both markets, the report finds adoption has outrun security controls by roughly two to one.
The survey also records a counterintuitive pattern: the teams that see their AI use most clearly are the most concerned about it, not the least.
Heimdal’s report describes visibility as the diagnosis rather than the cure.
In an incident publicly disclosed in January 2026, the acting director of CISA, the United States cybersecurity agency, uploaded documents marked “For Official Use Only” to public ChatGPT in mid-2025.
The agency’s own monitoring flagged the activity within a week, but the use policy had not prevented it.
Key findings
Executive confidence outruns the frontline. In the US, 29% of executives say AI risk is under control, against 7% of practitioners. In the UK, 18% against 11%.
AI is already embedded. ChatGPT runs in 72% of UK IT environments and 69% of US environments, and Microsoft Copilot in 68% of UK and 59% of US.
Readiness lags adoption. Only around 4 in 10 teams rate their security stack as ready for AI-related risk.
Concern rises with visibility. Among UK teams with full visibility into AI use, 56% flag data leakage as a top concern, against 27% of teams with none. In the US the figure is 59% among teams with full visibility.
Operational load is high. Nearly three-quarters of IT and security teams lose at least a quarter of their week to repetitive, low-value work, and around one in three lose more than half.
The most overloaded teams are the most optimistic about AI. 59% of the most overloaded US teams, and 55% in the UK, expect AI to ease the load.
“Misplaced confidence is one of the most dangerous things in security. This data shows executives are far more confident that AI risk is under control than the evidence supports. Most of the conversation right now is about productivity, when the bigger question is how AI can be turned against the business. The report shows the gap between how secure leaders feel and how secure they actually are,” said Adam Pilton, Cybersecurity Advisor at Heimdal.
Independent security researcher Rafay Baloch, CEO and Founder of REDSECLABS, added: “The risk that concerns me most is not AI itself but the blind spots it can create. When teams use AI tools without clear oversight, sensitive information, intellectual property, and business data can end up in places leaders never intended. Many organizations believe having an AI policy means they are prepared, but a policy alone does not create visibility. The companies seeing the best results are not the ones trying to restrict AI. They are the ones creating clear guardrails while helping employees use AI responsibly.”
The report concludes that organizations should treat AI as part of the core IT estate, applying the same scrutiny to AI services as to any other critical supplier, including procurement review, contractual data-handling terms, a current inventory of sanctioned and unsanctioned AI tools, and technical controls over access, execution, action chains, and privilege.
The full report is available at https://heimdalsecurity.com/blog/state-ai-risk-management/
About the Research
The State of AI Risk Management in 2026 is based on a survey of 1,000 IT professionals (500 UK, 500 US), conducted via Pollfish from 1 to 8 May 2026. The sample spans six seniority tiers from entry-level through C-suite and VP.
About Heimdal
Heimdal is a global cybersecurity provider offering a unified security and compliance platform across endpoint, identity, email, network, and access security. More than 17,000 customers in over 40 countries use its 12-plus integrated products to prevent threats, detect breaches, and automate response.
Contact
Head of Content
Danny Mitchell
Heimdal
dmi@heimdalsecurity.com
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Cybernewswirehttps://cybernewswire.com/
A PR Newswire Syndication Platform for Cybersecurity Companies.
Trending News
Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware
WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK Stealer
ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA
Maine Takes Data Breach Reporting Portal Offline After Fake VRChat and Discord Filings
U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
Latest News
Cyber Security News
FishMonger Hackers Expands SprySOCKS Backdoor From Linux to Windows With Advanced Stealth Features
Cyber Security News
ErrTraffic MaaS Uses Fake reCAPTCHA and Cloudflare Turnstile Lures to Execute PowerShell Commands
Cyber Security News
Multiple JetBrains IDE Plugins 70,000+ Installs Caught Stealing AI keys
Cyber Security News
CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks
Cyber Security News
Fortra Access Manager Vulnerability Enables Remote Command Injection Attacks