Cybersecurity not just technical concern, needs to be Board-level business priority, says Elastic chief

Cybersecurity not just technical concern, needs to be Board-level business priority, says Elastic chief

February 22, 2026 discoverhiddenusacom Technology

AI’s Ascent: Why Cybersecurity is Now a Boardroom Battle

The cybersecurity landscape is undergoing a seismic shift. No longer solely a technical issue for IT departments, it’s rapidly becoming a core business concern demanding the attention of boards and senior leadership. This transformation is driven by the explosive growth of artificial intelligence (AI), the increasing digitization of daily life, and the sheer volume of data now circulating globally.

The Data Deluge: Fueling AI and Expanding Risk

We are living in an age of unprecedented data creation. Estimates suggest that downloading all the internet data generated in 2024 alone would take 181 million years. However, a significant portion – around 90% – isn’t entirely new, but rather replicated or reformatted versions of existing information. This data surge isn’t just a statistical curiosity; it’s the very foundation upon which AI systems operate.

As Mandy Andress, Chief Information Security Officer at Elastic, points out, AI’s power stems from data. Training models, making decisions, and analyzing logic all rely on massive datasets. This dependence creates new vulnerabilities. The more data involved, the greater the potential attack surface.

The Rise of Autonomous Threats: AI as Both Defender and Attacker

The increasing autonomy of AI systems introduces a new layer of complexity to cybersecurity. Automation is crucial for managing the scale of modern digital environments, but poorly defined guardrails can lead to unintended consequences. An AI agent acting outside of its intended parameters can create impacts equivalent to those of a malicious insider.

This necessitates a fundamental shift in how organizations approach security. Resilience – the ability to recover quickly from disruption – is no longer sufficient. Companies must embed resilience into their overall business strategy, recognising that cybersecurity is now an existential business risk.

Beyond Resilience: Embracing Anti-Fragility

The goal shouldn’t just be to bounce back from attacks, but to become stronger in the face of them. This concept, known as “anti-fragility,” represents the next evolution in cybersecurity preparedness. Anti-fragility means not merely withstanding chaos, but actually benefiting from it.

Scenario Planning and Cross-Functional Collaboration

Achieving resilience and anti-fragility requires proactive preparation. Regular scenario planning exercises, simulating real-world cyber crises, are essential. These exercises shouldn’t be limited to technical teams; they must involve executives, legal counsel, and communications leaders to ensure a coordinated response.

The Board’s Role: From Oversight to Ownership

The board’s role is evolving from oversight to ownership. Cybersecurity is no longer a topic for quarterly updates; it demands continuous engagement and strategic direction. Boards must understand the risks, allocate resources appropriately, and hold leadership accountable for building a robust security posture.

This includes understanding the implications of AI governance, data privacy, and security risk management. AI systems require governance requirements proportionate to their risk level.

The UK NCSC Warning: AI-Driven Cyber Threats on the Horizon

The UK’s National Cyber Security Centre (NCSC) recently issued a warning about rising AI-driven cyber threats to critical national systems, highlighting the urgency of this issue. This underscores the need for proactive measures and a heightened state of awareness.

FAQ: Cybersecurity and AI in 2026

  • What is driving the shift in cybersecurity priorities? The increasing reliance on AI, the digitization of everyday life, and the exponential growth of data.
  • What is “anti-fragility” in the context of cybersecurity? The ability to grow stronger and more resilient in the face of disruption.
  • What should boards be doing to address cybersecurity risks? Engaging continuously, allocating resources, and holding leadership accountable.
  • Is AI only a threat to cybersecurity? No, AI can also be a powerful tool for enhancing cybersecurity defenses.

Pro Tip: Regularly review and update your incident response plan to ensure it addresses the evolving threat landscape, including AI-powered attacks.

Did you know? The volume of data generated globally is so vast that downloading all of 2024’s internet data would take 181 million years.

Want to learn more about building a resilient cybersecurity strategy? Explore our other articles on digital trust and risk management.

, , , , , , , , ,