Ninety percent of security leaders say AI will meaningfully strengthen their organization’s defenses. Only 8 percent are operationally ready to deploy it today. The findings are part of a survey published Tuesday that reinforce the intention gap between the two is not an outlier.
The State of Workforce Password Security 2026 report, commissioned by Zoho Vault and conducted by Tigon Advisory Corp., draws on responses from more than 3,300 IT and security leaders across North America, Europe, India, ANZ, the Middle East and Africa, and APAC. The delta it documents between intent versus readiness reflects a structural problem flagged this year by many.
A separate survey by Netskope AI Research of 1,253 cybersecurity professionals published earlier in 2026 found that AI tools are now deployed at 73 percent of organizations, but real-time governance has reached only 7 percent — a 66-point structural deficit that is widening as adoption accelerates. The Zoho-commissioned survey adds another dimension to that picture: it is not just governance lagging behind deployment, but deployment itself lagging behind intent.
The visibility problem may be more urgent than the AI gap. Seventy-four percent of organizations in the survey reported incomplete visibility over their own workforce identities. Only 11.6 percent could confirm with confidence who accesses what, when, and why. Nearly 40 percent reported effectively no visibility at all. That finding tracks with what IBM’s X-Force team described in its 2026 threat index: many security incidents stem from lapses in basic hygiene, and modern environments are often too complex for manual oversight, with identity sprawl increasing the impact of simple mistakes.
Zero Trust adoption remains a pressure point. Sixty-five percent of organizations in the survey have no Zero Trust architecture in place, with most expecting adoption within one to three years. That window matters: the 2026 RSA ID IQ Report found that identity-related breaches have surged, with 69 percent of organizations reporting a breach in the last three years — a 27-percentage-point increase over the prior year — and nearly one-quarter reporting breach costs exceeding $10 million.
Budget commitments are rising but appear to be chasing a threat curve that keeps moving. Eighty percent of organizations acknowledged their current security stack is not built for what is coming, and while 72 percent are committing to increased security spending over the next five years, four out of five leaders said they are already behind the threat curve they are trying to fund their way out of.
The World Economic Forum’s Global Cybersecurity Outlook 2026 offers a cautiously optimistic counterpoint on the AI governance dimension: the share of organizations assessing the security of their AI tools has nearly doubled, from 37 percent in 2025 to 64 percent in 2026, indicating that more structured governance processes are taking hold. Whether that translates into closed readiness gaps remains an open question the Zoho report leaves squarely unanswered.
Photo by Zalfa Imani on Unsplash
