Most firms can’t quickly halt or explain AI crises, ISACA finds
ISACA found 59% of digital trust professionals do not know how fast their organizations could interrupt a compromised AI system; 21% reported they could step in within 30 minutes.
ISACA surveyed digital trust and security professionals about organizational readiness for AI incidents. The survey found 59% of respondents did not know how quickly their organization could interrupt a compromised AI system; 21% reported they could meaningfully intervene within 30 minutes.
The report found many organizations lack mechanisms to pause or stop AI systems during a security event, allowing compromised systems to continue operating and potentially cause additional harm before human intervention.
Respondents reported limited confidence in incident analysis and accountability. Forty-two percent said their organization could analyze and explain a serious AI incident. Twenty percent said they did not know who would be held responsible if an AI system caused damage, and 38% identified the board or an executive as ultimately responsible.
On oversight, 40% of respondents reported that humans approve almost all AI outputs before they are used, and 26% said they evaluate AI outcomes. ISACA warned that human review on its own may not detect or stop fast-moving failures without stronger governance for AI deployment and monitoring.
More than one-third of organizations do not require employees to disclose when or where they use AI in their work, creating potential blind spots in oversight.
Ali Sarrafi, CEO and founder of Kovant, urged organizations to treat AI as “digital employees” with clear ownership, defined escalation paths and the ability to be paused or overridden instantly when risk thresholds are crossed.
The report found that many organizations treat AI risk mainly as a technical issue rather than a matter requiring governance and management across the business. ISACA recommends building control and accountability into AI systems from the start so visibility, ownership and means to intervene are part of the architecture.
ISACA noted that without stronger governance and clear responsibility, even small AI errors could lead to operational, financial or reputational harm that organizations may struggle to address.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
