CISOs face a complex tangle of tools, threats, and AI uncertainty

Most organizations are juggling too many tools, struggling with security blind spots, and rushing into AI adoption without governance, according to JumpCloud.

The average organization now uses more than nine tools to manage core IT functions. That is fueling a rise in complexity, and with it, security risks. Nearly three-quarters of respondents said their IT environments are difficult to manage. Security gaps were listed as the top problem with tool sprawl, followed by compliance issues and poor visibility.

Only 19 percent of respondents reported having a fully unified IT architecture. Another 71 percent said they had consolidated some or most of their tools, while 10 percent were not unified at all. “Despite many IT professionals wanting to unify their IT environments,” the report notes, “most organizations don’t yet have a fully unified architecture.”

The survey also found that organizations are moving away from single-vendor ecosystems. While Microsoft 365 is still widely used, nearly two-thirds of those using it also support Google Workspace. Only 2 percent of respondents said they had not explored alternatives to Microsoft tools. The top issues with Microsoft 365 were “high overhead,” “security configuration complexity,” and “complex licensing and pricing.”

Mobile and hybrid work environments are adding further diversity. On average, companies support nearly three operating systems. iOS and Android support are both common, and more than half of companies have staff using mobile devices regularly.

Security remains a top concern. The vast majority of IT professionals cited AI-driven threats, identity-based attacks, and device security as their biggest worries. Zero trust is seen as the leading strategy to defend against these risks, but only 11 percent of companies said they had fully implemented a zero trust model. Another 22 percent use identity-centric security as their foundation, while others combine different approaches.

User experience is an important factor in security programs. Improving the end-user experience ranked as the second-highest priority for IT teams this year. More than half of respondents said they actively measure user satisfaction with security tools, and many have added single sign-on or passwordless authentication to reduce friction.

AI is another area where IT leaders are feeling pressure. Nearly every company surveyed has already adopted AI or is planning to. But 94 percent also reported significant risks, including AI systems gaining access to sensitive environments, staff misuse, and poor visibility into AI behavior.

When asked how to secure AI, IT professionals ranked centralized visibility and audit trails as their top needs. Other priorities included role-based access, automated deprovisioning, and stronger governance for non-human identities. Only 23 percent of respondents said they are actively managing or securing AI-based accounts or agents.

Budget pressures are also shaping strategy. While 54 percent of organizations said they are focused on cost optimization, the same percentage reported increased spending on automation and IT unification. These two goals are closely linked. Investing in automation and platform consolidation is seen as a way to lower long-term costs and improve efficiency.

Looking ahead, the top three strategic priorities for IT teams are improving AI readiness, enhancing the user experience, and consolidating tools. Many are also looking to managed service providers to help support these efforts. More than 80 percent of organizations already work with MSPs, and over half expect those relationships to grow into more strategic roles.

The report concludes that unified IT architecture, zero trust security, and AI adoption are now essential to reducing complexity and risk. For CISOs, that means pushing for better alignment across teams and making strategic decisions about platforms, tools, and partnerships.

“Businesses face an expensive dilemma: their chaotic IT systems and incomplete zero trust efforts leave them exposed to increasing AI-driven cyberattacks,” said Rajat Bhargava, CEO, JumpCloud. “We believe that navigating these complexities hinges on strategic partnerships — collaborating closely with internal teams, security leaders, and MSPs is crucial. The data shows a unified, automated, and user-friendly IT foundation is the key to simplifying operations and empowering everyone’s success, even amid global uncertainty.”