The Number That Should Worry Every Board
On June 8, 2026, IBM's Institute for Business Value published a study, conducted with Oxford Economics, of 2,000 CIOs and CTOs across 33 geographies and 19 industries. The headline figure is uncomfortable: 67 percent of these technology leaders say they are held accountable for AI systems they do not fully control. That is not a complaint about workload, it is a structural mismatch between responsibility and authority, and it is the kind of gap that ends careers when something breaks. When two thirds of the people on the hook for AI cannot fully govern what they are answerable for, the problem has stopped being technical and become organizational.
The supporting data sharpens the picture. Seventy percent of respondents report that business teams deploy technology faster than IT can track, and 77 percent say AI adoption is already outpacing their governance capabilities. IBM CIO Matt Lyteson framed the core tension precisely: "For CIOs and CTOs, the challenge now is scaling AI systems that operate continuously and autonomously, often within governance models designed for a far slower, more predictable environment." That sentence is the whole study in miniature. The controls were built for software that waited to be told what to do, and they are now supervising software that does not wait.
Incidents Are Not Hypothetical Anymore
The most useful contribution of this study is that it puts numbers on consequences that are usually discussed in the abstract. Organizations surveyed experienced an average of 54 AI agent incidents over the year, and 17 percent of those were classified as high severity. More striking, 37 percent of incidents resulted in data exposure or breaches, 33 percent caused cascading system failures, and 17 percent triggered compliance issues. These are not edge cases or thought experiments. They are the operational reality of running agents at scale with governance that has not caught up, and they are happening dozens of times a year inside the average enterprise.
We find the incident data more persuasive than any forecast, because it describes what already happened rather than what might. An average of more than one agent incident a week, with a meaningful share touching data or compliance, is the sort of run rate that quietly erodes trust in an AI program before any single event becomes a headline. Victoria Medina of Allianz Spain captured the blind spot well: "AI has both a light side and a dark side, many organizations are more exposed than they realize." The exposure is not coming, it is here, and most organizations are measuring it after the fact rather than before.
The Readiness Gap Under a CEO Mandate
The most politically awkward finding is the collision between pressure and preparedness. Eighty percent of respondents say they operate under a CEO-driven AI transformation mandate, yet only 11 percent feel completely prepared for the scale of agent deployment expected in the next year. IBM projects a 38 percent increase in AI agents by 2027, which means the readiness gap is about to be tested by a larger fleet, not a smaller one. When the chief executive is demanding transformation and the people executing it feel one tenth ready, the organization is running toward a cliff with the accelerator down.
The financial dimension compounds the risk. AI spending is projected to grow from 15 percent of IT budgets in 2025 to 25 percent by 2027, yet 84 percent of organizations have not operationalized AI financial management and 85 percent lack real-time visibility into AI spend. Put plainly, enterprises are about to commit a quarter of their technology budgets to systems they cannot fully see, control, or cost. Afonso Eça of Banco BPI described the experience as flying a plane at 10,000 feet, being told to climb to 12,000 and replace both engines mid-flight. The metaphor is dramatic, and the survey suggests it is also accurate.
Why Built In Beats Bolted On
The study's prescriptive payload is its strongest argument, because it ties governance to performance rather than to fear. IBM reports that organizations embedding controls and visibility into AI systems from inception deploy 16 times more agents, experience 25 percent fewer incidents than those relying on manual governance, and spend four times less of their AI budget while doing it. Most tellingly, firms that design controls in report 18 percent higher operating margins. That last figure reframes the entire conversation. Governance is not the cost of going slow, it is correlated with going faster and more profitably.
That is the same insight the venture market is now pricing through agent-governance startups, arrived at from the opposite direction. The implication for CIOs is that retrofitting controls onto a deployed agent fleet is the expensive path, and designing them in is the cheap one, both financially and operationally. The organizations that treat control as a feature of the architecture, not a committee that meets after launch, are the ones deploying more and breaking less. The study does not tell leaders to slow down. It tells them that the only sustainable way to speed up is to build the guardrails before the road, not after the crash.



