Download this article in PDF format.
Cybersecurity and risk managementw top the list of business priorities this year as digital threats grow more advanced and companies depend more on connected systems. Protection can’t be an afterthought anymore. It has to live inside every part of a company’s strategy and daily operations. In Grant Thornton Advisors’ latest Digital Transformation Survey, more than half of senior leaders named cybersecurity and risk management as one of their top three technology goals for 2025.
The challenge now is clear: staying secure while still giving teams room to innovate. Achieving that balance isn’t always easy. For example, as companies roll out more artificial intelligence (AI), automation and cloud systems, they gain efficiencies while also exposing themselves to a host of new risks.
AI is in the Spotlight
In “Tech resilience: When brakes help you go faster,” Grant Thornton says smart organizations are investing in real-time monitoring, stronger incident response plans, and AI tools that detect and fix problems fast, but cautions that technology alone won’t build resilience. “The proper balance lies in developing guardrails for technology transformations that create a walled garden where employees can experiment,” the company adds.
“If you’re experimenting with AI adoption, these guardrails protect the organization from intellectual property claims, preserve confidential data and ensure the quality of products and services as well as the customer experience,” Grant Thornton advises. “Some of these guardrails can include basic functions the organization already has such as protected sandboxes, or IT change management.”
Mitigating Technology Risks
In the report, Derek Han of Grant Thornton’s Risk Advisory practice said organizations are especially focused now on improving their data to enable successful AI use. “Data has been the core challenge—but also the opportunity—for many organizations in their AI adoption,” he said. “For some, it’s going to be a real journey to make sure their data is high in quality and widely usable for training large language models within organizational boundaries.”
Asked to rank the top approaches that help their organizations mitigate technology risks, survey respondents said these strategies work best:
- Deploying and using governance, risk and compliance tools, and processes.
- Doing regular risk assessments.
- Using business resilience processes and programs.
- Assigning risk ownership across IT and the business as a whole.
- Integrating risk management platforms.
Executives are also investing in more cybersecurity tools this year, according to Grant Thornton, which says 68% of respondents named cyber solutions as one of the top five technologies they’re buying in 2025.
Cybersecurity solutions that incorporate AI are emerging. They can be used to probe for vulnerabilities in defenses; review audit logs for potential indicators of compromises; and remediate risk issues or vulnerabilities. Even with these emerging tools, organizations are placing a bigger emphasis on the role that humans play in keeping those advanced systems strong and secure.
“It’s important to strike a balance between the use of AI tools and developing the expertise and critical thinking of the human security team,” said Han.
That’s because for now at least, even the best AI can’t replace human judgment, context or intuition when a real incident occurs. Put simply, executives are starting to recognize that cybersecurity is not just a technology investment, and that teams still need to know how to respond, communicate and make quick decisions when a threat hits.
Putting the Right Guardrails in Place
Ultimately, Grant Thornton says that compliance and resilience work best when both are embedded in the corporate culture and reinforced by leadership. It says some companies are assigning “risk champions” at every level, while others are advocating for more cross-department knowledge sharing that “spreads the word about appropriate responses to risk.”
“At the most successful organizations, governance, cyber readiness and compliance aren’t viewed as constraints,” it says. “They’re necessities that can be pursued more effectively through the implementation of technology. And when transformative technology is implemented, leading organizations put the right guardrails in place to help themselves get the most out of such tools.”
