{"slug": "heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams", "title": "Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It", "summary": "A Heimdal survey of 1,000 IT professionals in the UK and US reveals that 29% of US executives believe AI risk is under control, compared to only 7% of the practitioners managing it daily. The report finds AI adoption has outpaced security controls by roughly two to one, highlighting a dangerous confidence gap between leadership and frontline teams.", "body_md": "**New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under control, against 7% of the practitioners running it day-to-day. Across 1,000 IT professionals in the UK and US, AI adoption has outpaced security controls by roughly two to one.**\n\n[Heimdal](https://heimdalsecurity.com/) today published [The State of AI Risk Management in 2026](https://heimdalsecurity.com/blog/state-ai-risk-management/?utm_source=cybernewswire&utm_medium=pr&utm_campaign=ai-risk-report-2026&utm_content=report), a survey of 1,000 IT professionals across the United Kingdom and the United States.\n\nThe report’s headline finding is a divide inside the same organizations: the closer a person sits to the day-to-day running of AI, the less confident they are that the risk is contained. In the US, 29% of C-suite and VP respondents say their organization has AI risk under control, against 7% of the mid-level practitioners managing it.\n\nIn the UK, the gap runs the same way, 18% to 11%. Both gaps are statistically significant.\n\nAI tools are already present across most IT estates, and most teams run several at once.\n\nThe controls have not kept pace. Across both markets, the report finds adoption has outrun security controls by roughly two to one.\n\nThe survey also records a counterintuitive pattern: the teams that see their AI use most clearly are the most concerned about it, not the least.\n\nHeimdal’s report describes visibility as the diagnosis rather than the cure.\n\nIn an incident publicly disclosed in January 2026, the acting director of CISA, the United States cybersecurity agency, uploaded documents marked “For Official Use Only” to public ChatGPT in mid-2025.\n\nThe agency’s own monitoring flagged the activity within a week, but the use policy had not prevented it.\n\nKey findings\n\n“Misplaced confidence is one of the most dangerous things in security. This data shows executives are far more confident that AI risk is under control than the evidence supports. Most of the conversation right now is about productivity, when the bigger question is how AI can be turned against the business. The report shows the gap between how secure leaders feel and how secure they actually are,” said Adam Pilton, Cybersecurity Advisor at Heimdal.Independent security researcher Rafay Baloch, CEO and Founder of REDSECLABS, added: “The risk that concerns me most is not AI itself but the blind spots it can create. When teams use AI tools without clear oversight, sensitive information, intellectual property, and business data can end up in places leaders never intended. Many organizations believe having an AI policy means they are prepared, but a policy alone does not create visibility. The companies seeing the best results are not the ones trying to restrict AI. They are the ones creating clear guardrails while helping employees use AI responsibly.”\n\nThe report concludes that organizations should treat AI as part of the core IT estate, applying the same scrutiny to AI services as to any other critical supplier, including procurement review, contractual data-handling terms, a current inventory of sanctioned and unsanctioned AI tools, and technical controls over access, execution, action chains, and privilege.\n\nThe full report is available at [https://heimdalsecurity.com/blog/state-ai-risk-management/](https://heimdalsecurity.com/blog/state-ai-risk-management/?utm_source=cybernewswire&utm_medium=pr&utm_campaign=ai-risk-report-2026&utm_content=report)\n\n**About the Research**\n\n[The State of AI Risk Management in 2026](https://heimdalsecurity.com/blog/state-ai-risk-management/?utm_source=cybernewswire&utm_medium=pr&utm_campaign=ai-risk-report-2026&utm_content=report) is based on a survey of 1,000 IT professionals (500 UK, 500 US), conducted via Pollfish from 1 to 8 May 2026. The sample spans six seniority tiers from entry-level through C-suite and VP.\n\n**About Heimdal**\n\n[Heimdal](https://heimdalsecurity.com/) is a global cybersecurity provider offering a unified security and compliance platform across endpoint, identity, email, network, and access security. More than 17,000 customers in over 40 countries use its 12-plus integrated products to prevent threats, detect breaches, and automate response.\n\n**Head of Content**\n\n**Danny Mitchell**\n\n**Heimdal**\n\n**dmi@heimdalsecurity.com**", "url": "https://wpnews.pro/news/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams", "canonical_source": "https://www.cio.com/article/4186242/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams-managing-it.html", "published_at": "2026-06-17 12:45:04+00:00", "updated_at": "2026-06-17 13:00:11.380336+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-research"], "entities": ["Heimdal", "CISA", "Adam Pilton", "Rafay Baloch", "REDSECLABS"], "alternates": {"html": "https://wpnews.pro/news/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams", "markdown": "https://wpnews.pro/news/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams.md", "text": "https://wpnews.pro/news/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams.txt", "jsonld": "https://wpnews.pro/news/heimdal-survey-executives-four-times-more-confident-about-ai-risk-than-the-teams.jsonld"}}