SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Overwhelmed apac it control room weak ai foundations cio blueprints
#
Digital Transformation
#
Physical Security
#
IAM

Forrester warns AI spend outpaces core IT readiness

Thu, 5th Feb 2026
Author image
By Karen Joy Bacudo, Finance Editor

Forrester warns that many organisations are increasing spending on artificial intelligence without building the IT foundations needed for safe, large-scale deployment.

The research note, The CIO's Guide To AI Readiness, argues that AI outcomes depend more on the maturity of core IT capabilities than on rapid advances in models and tools. It highlights gaps in governance, data quality, architecture readiness, and operational practices as organisations move from pilots to broader roll-outs.

These gaps can lead to failed proofs of concept, higher costs, and operational issues. Weak controls also increase reputational risk, particularly when AI is customer-facing or used in regulated environments.

Foundations first

Forrester's central message is that many firms overestimate the benefits of newer AI models while underestimating the work required to run them reliably in production. Fragmented governance, inconsistent data management, and outdated infrastructure remain recurring obstacles as teams try to scale beyond experimentation.

This shifts attention from model selection to IT operating readiness and places responsibility on CIOs to assess whether the organisation has the discipline and controls required for broader adoption.

In comments included with the research, Forrester said IT maturity is the key determinant of AI success.

"AI transformation is only as strong as the IT capabilities supporting it," said Frederic Giron, VP and senior research director at Forrester.

Governance shift

The report argues that governance must extend beyond pilot oversight. It calls for enterprise-wide discipline that links AI initiatives to business strategy, risk appetite, and operational capacity.

Instead of relying mainly on steering committees, it recommends ongoing performance measurement, risk scorecards, escalation processes, and transparent incident management. Regulated industries face additional pressure to demonstrate compliance, and governance practices also shape stakeholder trust when AI systems make decisions or generate content that affects customers.

Security controls

Forrester also raises concerns about AI security, arguing that conventional access and monitoring controls do not adequately address AI-specific risks. It highlights issues such as prompt manipulation, model drift, and unsafe agent behaviour.

The report cites Forrester's AEGIS framework as a model for governing AI-specific security, identity, and risk. It recommends continuous monitoring, policy-as-code, identity controls for AI agents, and real-time observability, particularly for organisations deploying customer-facing AI services where reliability and security directly affect operations.

Data and platforms

Data quality and consistency sit alongside governance and security in Forrester's readiness assessment. The research argues that AI systems reflect the accuracy and reliability of the data used to build and operate them, and calls for stronger practices in data lineage, metadata quality, and role-based access control.

Platform modernisation is another part of the readiness challenge. The report points to technologies such as lakehouses, vector databases, and knowledge graphs, which have become more prominent as organisations support generative AI use cases that require retrieving internal information and managing context.

It also highlights regional constraints in the Asia Pacific, where many organisations still rely on siloed legacy systems that can limit the ability to scale AI responsibly across business units.

Workforce readiness

Beyond technology and governance, the report frames workforce readiness as essential for sustained adoption. It says CIOs need teams that can collaborate across functions and adapt as AI becomes embedded in workflows.

The research highlights AI literacy and clearer roles for human-AI collaboration as factors that influence adoption and resistance. It also urges organisations to plan for shifts in operational work, including how exceptions are handled, who is accountable for outcomes, and how staff validate AI-generated outputs.

Giron urged CIOs to prioritise IT capability maturity over excitement about new models.

"CIOs must resist the gravitational pull of AI hype and instead focus on the one factor that consistently determines AI success: the maturity of their IT foundations," he said.

The report frames AI readiness as a combination of governance, security, data management, architecture modernisation, and workforce planning, and suggests many organisations will increase their focus on these foundations as AI initiatives move from pilots to wider deployment.

Related stories
Siemens unveils virtualised substation protection platform
Guardsquare buys Verimatrix XTD to boost mobile security
Flare sees rapid MSSP uptake of external threat intel
Palo Alto revamps NextWave to reward AI security platforms
Chainguard hits 500m container manifests with AI boost

Top stories

Hexnode embeds upgraded Genie AI to run UEM actions
Record rise in digital squatting fuels phishing wave
Genetec report finds healthcare ramping up hybrid-cloud and AI security
Bitdefender warns OpenClaw AI skills rife with malware
Ottawa funds AI & digital skills push in the North