Fortune 100 companies are increasing board-level oversight of AI, with 48% now formally addressing risks, up from just 16% in 2024, according to a report from EY.
Despite the increased board-level focus, a separate report finds nearly half of companies are struggling to translate AI policies into effective risk management.
The governance push comes as many organizations adopt an "act now, secure later" approach to AI, leading to a rise in related security breaches.
Fortune 100 companies are dramatically increasing board-level oversight of AI risks, driven by threats like deepfakes and data loss from unauthorized employee tools, according to a new EY report.
The oversight boom: The numbers reveal the shift's scale: nearly half (48%) of boards now formally address AI risk, up from just 16% in 2024. According to the full analysis, 40% have also tasked a specific committee with AI responsibility, and over a third are now flagging AI as a formal risk in 10-K filings.
The execution gap: But there's a growing disconnect between policy and practice. A separate report from AuditBoard found that nearly half of companies are struggling to manage these risks, with the rush to implement AI hitting a wall. As AuditBoard CISO Richard Marcus told Cybersecurity Dive, confidence dips "once questions about ownership, validation and accountability come up.”
The flurry of disclosures shows boards are awake to AI's challenges, but the real test will be translating boardroom policy into effective, on-the-ground risk management. This governance scramble comes as many organizations adopt an "act now, secure later" approach to AI, fueling a rise in breaches. Meanwhile, in a fragmented regulatory environment, some argue that boards should focus less on rules and more on the ethical implications of their AI strategies.
