ACCORDING to ISACA, more than half of IT and cybersecurity professionals (56%) have no idea how quickly they could shut down AI systems affected by a cyber-attack or security incident, based on a survey of over 3400 security and digital professionals published on 23 March 2026. Just under a third (32%) said they believed they could halt potentially compromised AI systems within an hour, while 7% thought it would take over an hour.
The findings also highlight governance confusion, with 20% of respondents not knowing who is accountable for AI apps, and 28% saying management of AI is the responsibility of board level executives, 18% the CIO or CTO, and 13% the CISO. The report notes a lack of human oversight as a factor, with 36% saying humans must approve most AI actions, 26% saying AI activity is reviewed only after the action, 11% reviewing only in flagged cases, and 20% unsure what role humans play. Jenai Marinkovic of Tiro Security is quoted emphasising the need for proper guardrails and governance before adopting AI.