Back María Penilla warns that AI is redefining corporate cybersecurity and calls for setting clear and realistic expectations

2026 / 01 / 29
Nafarroako Enpresarien Konfederazioak (CEN) antolatutako jardunaldi batean, ZIUReko zuzendari nagusiak ziurtatu du adimen artifizialaren segurtasuna funtsezko erantzukizuna izango dela CISOentzat.

ZIUR Detected Nearly 2,000 Ransomware Incidents in the Fourth Quarter of 2025

At a conference organized by the Navarre Business Confederation (CEN), the CEO of ZIUR asserts that AI security will be “a key responsibility” for CISOs

The Navarre Business Confederation (CEN) held a conference yesterday dedicated to analyzing the main challenges and opportunities presented by cybersecurity in a context marked by the accelerated emergence of artificial intelligence (AI). The meeting brought together representatives from the business, institutional, and academic sectors, and served to share analyses and perspectives on the impact of these technologies on the competitiveness and security of organizations.

The conference opened with a presentation by Jesús Urien Pineda, partner in charge of Business Security Services (BSS) at PwC Northern Region, who presented the results of the Global Digital Trust Insights Survey 2026. Following this, Juan Ramón Aramendia, coordinator of the Navarre Cybersecurity Center, outlined the current state of cybersecurity in Navarre.

Another key moment of the conference was the presentation by María Penilla, CEO of ZIUR, which focused on the relationship between artificial intelligence and cybersecurity. Penilla presented various Gartner data points that demonstrate the magnitude of the ongoing change: 74 % of CEOs believe AI will be the technology with the greatest impact on their industries in the next three years, while 84% of technology executives plan to increase their AI investment by 2025. However, 71 % of organizations acknowledge that their operating model is not prepared for an AI-driven world, compared to only 29% that claim to be.

Optimistic and Pessimistic Scenarios

In this context, Penilla emphasized that AI security will be a core responsibility for CISOs, a role facing increasing pressure. In an optimistic scenario for 2028, 80% of digital workers will use multimodal interfaces with generative AI, significantly improving efficiency and accessibility at work, and 33% of enterprise software applications will incorporate agentive AI, compared to less than 1% in 2024, according to Gartner. However, in a pessimistic scenario for 2030, half of all companies could suffer a significant talent shortage, according to the same sources.

The CEO of ZIUR warned about the professional risks faced by security professionals: “Many CISOs believe that taking on more responsibility leads to professional growth, but this way of thinking can be misleading. Greater responsibility is often accompanied by insufficient resources and a higher risk of being singled out when things go wrong.” In this regard, she stated that CISOs have never before faced such significant personal and professional opportunities and risks, and called for finding a balance between driving innovation in AI and establishing clear and realistic expectations.

European AI Law

Penilla also addressed the European AI Law, noting that the regulations apply to all AI-enabled functions that are deployed. The law regulates individual AI functions—referred to as “AI systems”—meaning that a single product can include dozens of these systems, which must be individually assessed and classified according to their risk level. Furthermore, the regulations apply to any AI system an organization implements, whether developed internally or acquired from third parties, highlighting the significant number of AI systems integrated into software solutions and SaaS services currently in use.

The day concluded with a roundtable discussion on the cybersecurity challenges facing Navarrese society and businesses. Participants included Carlos Fernández Valdivielso, Secretary General of CEN; Mikel Goñi, Director of Information Security, Digital Transformation, and AI at Exkal; Juan Ibero, CTO & CISO of the Enhol Group; and Mikel Izal, Professor at the University of Navarra. The discussion was moderated by Unai Cenigaonandia, Senior Manager of Business Security Solutions (BSS) at PwC Spain.