At the Gartner Security & Risk Management 2026 summit, enterprise leaders shifted their focus from initial AI adoption to operational maturity. CIOs now face the immediate challenge of establishing governance, workforce readiness, and resilience to manage AI systems at scale rather than simply deploying them.
The shift to evidence-based governance
Organizations are moving past the experimentation phase of generative AI. These tools are now embedded in daily business processes, requiring leaders to track adoption trends, monitor costs, and measure return on investment. Neil Cohen, vice president of marketing at Portal26, said conversations with enterprise customers have broadened beyond basic risk management. "AI is not about security," Cohen said. "AI is about how are you going to be more competitive."
Closing the proficiency gap
Technology deployment alone will not guarantee success if the workforce cannot support it. Victoria Cason, senior principal analyst at Gartner, highlighted a critical distinction between basic AI literacy and true AI proficiency. While literacy involves recognizing system limitations, proficiency requires practical skills like prompt engineering, model validation, and secure workflow integration.
"Cybersecurity has always had a talent problem," Cason said. "Now we don't have the right AI skills or we don't have enough AI skills." Management teams must prioritize role-specific training and cross-functional collaboration to bridge this gap, making AI for Executives & Strategy a necessary focus for organizational readiness.
Infrastructure and identity management
Foundational technology disciplines remain critical as AI systems become active participants in business workflows. John Walsh, field chief technology officer for government and critical industries at IGEL, argued that AI adoption exposes existing weaknesses in enterprise infrastructure. Organizations must rely on trusted endpoints, resilient architectures, and strict identity frameworks to manage advanced workloads.
As autonomous agents begin executing tasks independently, Walsh advised that security teams must adapt their access controls. "We need to treat it like a non-human identity," Walsh said.
Resilience as the primary strategy
Cybersecurity strategies must evolve beyond pure prevention to focus on operational recovery. Leigh McMullen, distinguished vice president analyst and Gartner Fellow, challenged the traditional mindset of simply stopping attacks or eliminating risk. He argued that organizations must build operating models capable of adapting and recovering when disruptions inevitably occur. "Resilience is the only strategy," McMullen said. This approach requires continuous testing of recovery capabilities and the modernization of aging systems to maintain business continuity.
Why this matters for management
Management professionals must stop measuring AI success by the number of tools deployed. The new metric for success is operational maturity. Leaders need to establish clear visibility into AI usage, fund structured workforce training, and enforce governance frameworks that treat AI agents with the same scrutiny as human employees.
Executives who build resilient, secure-by-design operating models will outpace competitors still trapped in the adoption phase. For those leading this charge, a dedicated AI Learning Path for CIOs provides the strategic framework needed to govern and scale these initiatives effectively.