The New ROI Equation: Why AI Deployment Demands Security, Governance, and Practicality

As artificial intelligence continues to reshape the enterprise landscape, organizations are rethinking how they define ROI. Ahead of his talk at TechEx North America, Kieran Norton, Deloitte’s U.S. Cyber AI & Automation leader, emphasized that successfully integrating AI into business processes isn’t just about innovation—it’s about doing it securely, responsibly, and strategically.
While many companies already have basic cybersecurity in place, the advent of AI has changed both the nature of threats and the tools available to combat them. AI is now being used to detect anomalies in networks and flag phishing attacks, but it's also giving cybercriminals new ways to exploit systems. This duality requires companies to take a broader, more mature approach.
Norton compares this AI shift to the early days of cloud adoption: “People understood the advantages but had to evolve slowly to implement it correctly.” The same principle applies here. Companies need to update governance frameworks, secure data flows, and bring in specialized expertise to ensure AI is deployed safely. That includes guarding against issues like bias, hallucination, data poisoning, and model vulnerability—problems that didn’t exist in legacy systems.
One emerging challenge is agentic AI—autonomous systems that can trigger actions, not just respond to queries. Norton highlights the risks of deploying such agents in critical use cases like finance or healthcare, where a single mistake could carry serious consequences. “That’s not the first use case you want to try,” he notes.
At Deloitte, Norton says AI is already being used in SOC ticket triage, a use case with clear return and minimal risk. AI handles first-level incident analysis, saving significant time while operating under close human oversight. This measurable, non-customer-facing application exemplifies the stepwise, ROI-conscious approach Norton advocates.
Ultimately, organizations need to ask the right foundational questions: Where is the data? Who can access it? What is the risk? Norton urges leaders to start small and build from there, with a solid understanding of both the technical complexity and governance requirements involved.