Search for:
Artificial Intelligence

Board and C-Suite Lessons for Getting AI Right: What 25 Years of Internet Adoption Can Teach Us

By: , , , , , and

As boards and executives look for guidance on how best to adopt AI, comparisons to previous innovations are often used. But catchphrases like “AI is the new fire” or “it’s the new electricity” are not very helpful for people who have to make decisions about AI adoption. None of us were around to experience the impact of the steam engine, and even if we had been, the business world then was so different from what it is today that any lessons cannot be readily translated into concrete, actionable advice.

By contrast, the relatively recent adoption of the Internet by businesses, which some of us (Avi) are old enough to remember firsthand, is a much more useful analogy. It is also helpful to consider that we are likely in the “Dial-Up” era of AI; it’s noisy, clunky, and occasionally disconnects, but, as discussed below, there are advantages in jumping in now, and not waiting until the 6G network is up and running.

Similarities between AI and the Internet include:

  1. A Powerful General-Purpose Technology. Both can touch every business function (e.g., HR, finance, operations, legal, marketing) and add significant value to a company. Optimal adoption, however, is not obvious and requires hard choices about integration, talent, and business model transformation. Although these technologies change almost every company, they do so in very different ways, so there are often winners and losers depending on the speed and strategy of adoption.
  2. Continuous Evolution. Both undergo rapid change, so there is no single moment of implementation; they start as an experiment, then become table stakes, and then, at least for some businesses, become core to their competitive advantage.
  3. New Legal/Regulatory Risks. Both present entirely new and somewhat amorphous regulatory and legal risk categories, causing some companies to take on too much risk and others to take on too little.
      • Internet Examples: Cybersecurity, privacy, data transfer rules, and content moderation.
      • AI Examples: Algorithmic bias, illusion of accuracy, explainability, automated decision-making, AI safety, data-use limitations, and emerging questions about copyright and data provenance.
  4. Risk of Delay. For both the Internet and AI, there is a significant risk for companies that wait too long to begin adoption in earnest. They may lose the talent they need for implementing the new technology. When they do finally make the move, finding the necessary talent may be expensive. It may also be hard to catch up to their peers who began their adoption much earlier; institutional knowledge and capability tend to compound over time.
      • Internet Examples: Sears vs. Amazon; traditional travel agents vs. Expedia/Kayak; taxi companies vs. Uber.
      • AI Examples: AI-native tutoring platforms and personalized learning tools competing with traditional tutoring and education businesses; AI-driven analytics firms displacing legacy data and consulting providers.

There are parallels, too, in the adoption vision for these technologies. Broadly, companies tend to fall into one of three archetypes:

  1. Extenders. Some companies will rightfully opt for modest adoption. Their core business will remain largely the same, but they will use the new technology to create efficiencies and enhance the creation and distribution of their core products and services.
      • Internet Examples: Retailers adding e-commerce as an additional sales channel; newspapers putting articles online; banks offering web-based services.
      • AI Examples: Law firms using AI to speed up document review and research; retailers using AI for better inventory forecasting; clothing merchants using AI for virtual fitting rooms; manufacturers using AI for predictive maintenance; B2C companies using AI chat for first-line customer support functions.
  1. Transformers. Some companies will opt for heavier adoption and thereby significantly change their core business.
      • Internet Examples: Netflix moving from mailing DVDs to streaming; the New York Times delivering multimedia content and mobile games; companies providing physical document storage adding electronic storage services.
      • AI Examples: Customer service organizations making extensive use of AI agents; drug discovery companies building AI-first research pipelines; financial institutions re-architecting core risk and credit models around AI systems.
  1. Creators. Some companies will adopt the technology to create entirely new businesses.
      • Internet Examples: Amazon Web Services emerging from internal infrastructure; Google building an advertising empire on search; digital-only marketplaces and platforms that did not exist in an offline form.
      • AI Examples: Companies fine-tuning models on proprietary data and licensing those models as products; new service offerings built around AI capabilities competitors lack (such as AI-native copilots for coding, legal research, due diligence, or transaction monitoring).

AI Lessons for the Board and Senior Management from the Internet

Assuming that AI is playing a role similar to the Internet 25 years ago, the following lessons from Internet adoption may be helpful for boards and executives facing AI adoption choices today.

  1. Inevitability. Almost every company became dependent on the Internet in some way, and almost every company will likely become dependent on AI. In recognition of that inevitability, senior executives and boards are shifting from “Should we use AI?” to “Where are we deploying AI?” If adoption is inevitable, there are good reasons not to wait for perfect clarity, which may not come anytime soon.
  2. This Is R&D: Expect Failure. With Internet adoption, there were rabbit holes and false starts; that was inevitable, and organizations learned from them. The same will be true for AI. If all of a company’s initiatives that involve the adoption of a fundamental and rapidly expanding new technology go exactly as planned, the company is probably not taking on enough risk or exploring broad enough adoption. AI requires experimentation, iteration, and a willingness to abandon approaches that do not deliver value or that create unacceptable risk. Any company’s Internet strategy in 2000 looks nothing like its Internet strategy in 2010 or in 2020. AI strategy will similarly need ongoing reassessment. Boards should assume that AI will be a continuous R&D program, not a one-time project, and should help shape their organization so that it can learn and adapt.
  3. No One Can Do This for You. Software providers and consultants can assist with mapping the landscape, benchmarking against peers, and avoiding common pitfalls. They generally cannot, however, redefine a particular company’s risk appetite, data strategy, culture, or long-term strategic positioning. How best to transform a business to make the best use of a fundamental new technology is something the board and executives largely need to figure out for themselves.
  4. This Will Take a Lot of Time and Resources. As with the Internet, a one-hour employee training on AI is not going to be sufficient to realize the true potential of adoption for a company. A successful move to the Internet required a sustained investment in skills, infrastructure, and mindset. Effective AI adoption will similarly require substantial resources; buy-in and attention from senior management; mid-level management accountability; dedicated headcount; and ongoing, immersive, role-specific training. Indeed, a serious investment in training is not only necessary to build the required skills, it also signals to employees that “this matters” to senior management and that experimentation with AI, within guardrails, is encouraged.
  5. Governance. Change will require governance, which may include a cross-functional leadership team (e.g., business, tech, legal, compliance, risk, HR), in order to find high-value/low-risk AI use cases and allow the company to quickly learn from both its successes and failures. There will be some successes and risks at the individual user level, requiring short-term, policy-driven control of existing employee-initiated usage. But the big wins will likely require significant infrastructure investment to roll out, with leadership from senior management. Effective governance facilitates that by providing critical operational capabilities – policies, intake and approval pathways and oversight mechanisms allow for responsible AI adoption to scale.
  6. Know Which Kind of AI Company You Want to Be. Boards and senior managers should make sure that their companies’ AI strategies are fully aligned with the overall business strategies, and are consistent with the company’s adoption goals, including whether they are primarily going to be an AI extender, transformer, or creator. Being explicit about this point helps prioritize investments, avoid conflicting initiatives, and set realistic expectations for returns and risk.

Conclusion

AI will not unfold exactly as the Internet did, but the analogy is close enough to offer meaningful guidance. For boards and senior leaders, it therefore may be helpful to think of AI, like the Internet, as a strategic capability that merits caution, but also deserves the resources necessary to ensure the continued success of the organization.

To subscribe to the Debevoise Data Blog, please click here.

The Debevoise STAAR (Suite of Tools for Assessing AI Risk) is a monthly subscription service that provides Debevoise clients with an online suite of tools to help them with their AI adoption. Please contact us at STAARinfo@debevoise.com for more information.

The amazing cover art for this blog was generated by Gemini 3 (Nano Banana Pro).

Author

Charu A. Chandrasekhar is a litigation partner based in the New York office and a member of the firm’s White Collar & Regulatory Defense and Data Strategy & Security Groups. Her practice focuses on securities enforcement and government investigations defense and artificial intelligence and cybersecurity regulatory counseling and defense. Charu can be reached at cchandra@debevoise.com.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Gordon Moodie is a partner in the firm’s New York office and member of the Mergers & Acquisitions Group, Private Equity Group and the Technology, Media and Telecommunications Group, as well as the Public Company Advisory Group and Corporate Governance practice

Author

Karen Levy is the Chief Information Officer at Debevoise and serves on the firm's AI Governance Committee.

Author

Matthew Kelly is a litigation counsel based in the firm’s New York office and a member of the Data Strategy & Security Group. His practice focuses on advising the firm’s growing number of clients on matters related to AI governance, compliance and risk management, and on data privacy. He can be reached at makelly@debevoise.com

Author

William Sadd is the Head of Practice and AI Systems at Debevoise. He can be reached at wjsadd@debevoise.com.

Author

Sergio is a virtual specialist in the Data Strategy Group at Debevoise. He was created on May 3, 2025 using OpenAI's o3 model by Avi Gesser.

Related Posts