Who is really running your organisation today: your leaders, your systems, or the habits that nobody dares to confront? That is the question I ask Boards and CEOs whenever they tell me their biggest risk is cyberattacks, artificial intelligence, or digital disruption. Most of the time, it is not. The real risk is execution decay.
I am facilitating a leadership retreat for one of regional largest institutions. The room is full. The CEO sits quietly at the front and the executives have just spent two hours discussing digital transformation, AI adoption and cybersecurity investments. Everyone sounds optimistic, the slides are beautiful, and the ambitions are grand.
I ask a question. “What is the one thing keeping you awake at night?” The room goes silent. Then a middle manager at the back raises his hand. “Sir,” he says, “we do not have a technology problem; we have an honesty problem.” Everyone laughs nervously. He continues. “We buy systems but ignore reports, we have dashboards nobody opens, people arrive late and leave early, some managers protect poor performers because they are loyal, resources disappear slowly, not dramatically, and good employees stop trying because excellence and mediocrity receive the same rewards.”
The room becomes heated up. I love it, because then I have their attention. Our biggest fear is not hackers entering our systems, it is people who have emotionally exited the organisation but continue occupying offices. I watch the CEO lean back because he knows it is true. The organisation looks modern from outside but inside, execution leaks from a thousand small behaviours nobody measures and nobody confronts.
And then another executive speaks. “We have been trying to solve this with policies.” I smile. Policies do not change culture, technology does not create accountability and AI certainly does not fix leadership. The problem is the absence of disciplined execution.
That afternoon, we do something unusual. Instead of discussing strategy, we list every recurring frustration. Delayed approvals, meetings without decisions, managers who escalate everything, teams that wait for instructions, cybersecurity incidents caused by shortcuts, projects launched enthusiastically and abandoned quietly.
The patterns are astonishing. Most of the losses are not financial fraud, but execution fraud. People pretending to work, managers pretending to supervise, committees pretending to govern and everyone pretending the organisation is moving faster than it actually is.
That is when the CEO says something profound. “We keep investing in better cars while ignoring the quality of our drivers.” Exactly. And that is where the conversation about autonomous agents must begin.
The truth about AI and autonomous systems is this. They do not remove organisational weaknesses but amplify them. If your organisation rewards shortcuts, AI will accelerate shortcuts. If employees ignore controls, autonomous agents will scale those failures. If accountability is weak, technology simply makes mistakes happen faster and at greater scale.
Many executives imagine cybersecurity in the age of autonomous agents as a technical war between defenders and hackers. That is yesterday’s battle. The new war is about execution. Imagine an autonomous purchasing agent authorised to negotiate contracts. What happens if procurement controls are weak? Imagine an AI agent approving expenses; what happens if fraud monitoring is poor? Imagine customer service agents operating independently; what happens if employees themselves ignore ethical standards?
Technology does not create risk; it reveals the risks leaders have tolerated for years. That is why the Board’s most important cybersecurity question is changing. It is no longer: “Are our systems secure?” The more strategic question is, “Are our people, incentives, culture and governance mature enough to supervise intelligent machines?” Because autonomous agents do not get tired, they do not take leave. They do not wait for instructions but learn. They decide and act. And if they inherit a broken culture, they scale its weaknesses with frightening efficiency.
I tell executives something that often surprises them. The organisations most vulnerable to AI-related cybersecurity risks are not necessarily those with outdated technology, but those where, performance management is weak, accountability is inconsistent, managers avoid difficult conversations, and poor performers face no consequences. Leaders confuse activity with results because intelligent machines thrive on clarity, and clarity begins with leadership.
I have seen organisations spend millions on cybersecurity tools while ignoring basic execution disciplines. People share passwords casually, critical alerts remain unread, risk registers are copied from previous years, meetings produce minutes but no action, everyone is busy; few are accountable. And then leaders wonder why transformation stalls.
The age of autonomous agents will punish this behaviour ruthlessly because the future belongs to organisations where execution becomes a strategic capability. Where leaders ask difficult questions, performance is transparent, trust is earned continuously, and cybersecurity is not an IT responsibility but a leadership discipline.
The most secure organisation in the age of AI will not necessarily be the one with the most advanced technology but one where people do what they say, managers confront reality, accountability is immediate and autonomous agents operate under leaders who understand that technology is never the hero but Leadership.
That is the challenge before today’s CEOs and Board and not whether AI will change the organisation, it already has.
The real question is whether the organisation has the courage to change itself before autonomous agents expose the execution weaknesses leaders have been postponing for years. Because in the future, the greatest cybersecurity breach may not come from an external attacker, it may come from an organisation that automated its processes before it disciplined its culture.
