Alix Pressley, Director of Strategic Content, Intelligent Global Media

In this column, we’ ll be discussing key issues for CISOs and their teams – from AI to wellbeing and from Zero Trust to communication.

If you’ d like to get in touch, email alix. pressley @ intelligentglobalmedia. com

Whether it’ s hospitals, schools, or critical infrastructure providers being targeted, the impact is immediate, visible and in some cases, irreparable.

The latest victim to hit the headlines is University of Mississippi Medical Center( UMMC). The university confirmed a cyberattack incident and reported that it led to the closing of all statewide clinics and the cancellation of non-urgent medical appointments and procedures through at least the following day.

It’ s safe to say the result of this disruption severely impacted patients and the organisation reported that it was – at the time – unsure of the extent of any compromise to patients’ personal data.

Cybersecurity expert, Damon Small, Board of Directors, Xcape, offered his take:“ Healthcare organisations must recognise that they are attractive targets and should proactively invest in network segmentation, data backups and incident response capabilities.”

When referencing sophistication it’ s almost impossible to avoid mentioning AI, particularly when it is responsible for accelerating the threat landscape at such an unprecedented rate and attackers are using it to refine their tactics. Even when cyber defences are in place, they can quickly become overwhelmed resulting in long lasting damage.

Ivanti’ s new 2026 State of Cybersecurity Report explores this in more detail – specifically the‘ preparedness gap’ between threats and how defences are widening. One of the key takeaways from the report notes how companies are struggling to keep up with increasingly complex attacks, causing the gap between attacker and defender to widen.

Worryingly, 54 % of all organisations surveyed in the report said they believed their company‘ would’ or‘ probably would’ pay if hit by a ransomware attack today. That’ s over half of respondents; a shocking result which should be ringing alarm bells for CISOs.

AI is frequently positioned as the answer to this challenge, yet adoption tells a more cautious story. New data from Splunk’ s The CISO Report: From Risk to Resilience in the AI Era reveals that just 6 % of the 650 CISOs surveyed globally have fully deployed agentic AI in security operations, even as threats become more advanced.

This is yet another startling result considering 95 % of CISOs cite increasingly sophisticated threat actors as their greatest risk, creating pressure to adopt AI faster while still managing risk.

The research also shows strong belief in AI’ s operational value, with 92 % saying it enables teams to review more security events, yet 86 % worry agentic AI will supercharge social engineering attacks, accelerating both speed and scale.

This tension highlights the heart of the preparedness gap. Organisations recognise the power of AI but lack the operational confidence, governance structures or risk appetite to deploy it fully and the result is attackers move faster, while defenders hesitate.

The issue here is structural rather than purely technological – CISOs need to prioritise instilling confidence into their teams to eliminate the consideration of paying a ransom and the way to do this is by strengthening protection and recovery capabilities. If AI is widely acknowledged as critical, yet scarcely deployed, that indicates uncertainty around control, accountability and unintended consequences.

Preparedness is about integrating the latest tools effectively, aligning strategy with threat intelligence, rehearsing incident response and building institutional resilience.

WWW. INTELLIGENTCISO. COM 19