Fortune 100 companies have sharply increased their public disclosures and oversight over AI strategy and related risks, as a growing number of companies rush to implement the technology into their strategic growth plans, according to a report released Tuesday from EY.
Nearly half of Fortune 100 companies have disclosed AI as a focus of board oversight, moving from 14% in EY’s 2024 report to 48% in the current study. Four in 10 companies indicated that AI is the responsibility of at least one board committee, according to the report. This compares with only one in 10 companies a year ago.
“Which committee has oversight and how the board provides guidance is a growing focus,” Patrick Niemann, EY Americas Center for Board Matters leader, told Cybersecurity Dive. “With that they also need to consider how they can keep pace with this growing area to ask the right questions and tailor how they govern AI and its associated risks to support the business’s strategic objectives.”
Fortune 100 companies are considered the top 100 companies in the U.S., based on an analysis of revenue.
More than one-third of these companies list AI as a risk factor in their annual 10-K reports filed with federal regulators. This compares with only 14% of companies in the year-ago study.
The report addresses specific concerns about AI risks among top companies, including the increased threat of deepfakes and the risk of data loss when employees use unapproved AI applications in the workplace.
EY’s report also shows a higher level of board involvement and transparency in terms of cyber readiness.
More than seven of every 10 companies are adhering to some type of external cybersecurity framework, with two-thirds of respondents citing the National Institute of Standards and Technology.
Nearly six of 10 companies disclosed some level of cyber preparedness in their regulatory filings, including the use of tabletop, simulations or response readiness exercises.
In nearly eight of every 10 cases, audit committees have been designated with responsibility for cyber oversight.
About 85% of companies said they either have a board member with cybersecurity expertise or are actively seeking a board member with such knowledge.
A separate report released Wednesday from AuditBoard shows that nearly half of companies are struggling to manage AI-related risks as they roll out ambitious implementation plans.
As a result, the adoption of these AI-based tools and services is beginning to stumble, just months after launch.
“Early pilots tend to run fast and loose,” Richard Marcus, CISO at AuditBoard, told Cybersecurity Dive via email, “but once questions about ownership, validation and accountability come up, we see confidence quickly dip, which slows down decision cycles.”
