90% of security leaders at enterprises expect to implement governance policies for citizen development by the end of 2026.

Only 37% of CIOs say they have full visibility of AI tools in use across their organisation.

53% of enterprises have had AI agents exceed their intended permissions, leaving them vulnerable to increased risk.

37% of CIOs deploy AI bias processes.

54% of enterprises report having between 1 and 100 unsanctioned AI agents.

49% of enterprises feel slightly or not at all prepared for upcoming AI-related regulations.

Across the surveyed countries, 64% of organisations report having some or strong governance in place for agentic AI.

42% of organizations report limited visibility into all AI tools or models used across the organization.

31% of enterprises have formally adopted a governance policy for AI agent usage.

34% of enterprises report ownership visibility for just 26–50% of their AI agents.

32% of organizations have already established clearly defined governance or guardrails for AI security tools.

40% of CIOs use explainability mechanisms for AI.

48% of CIOs maintain AI audit trails and logging.

50% of enterprises have at least partially documented governance policies for AI agent usage.

17% of UK IT decision makers say governance for agentic AI is basic or minimal.

15% of enterprises report that 76–100% of AI agents have defined ownership.

40% of organizations say security policies have not yet been updated to address AI-specific risks.

67% of enterprises allocate a budget for securing business-built applications and AI agents, and they expect that budget to grow by 15% in the coming year.

90% of enterprises are working to standardize AI tool security.

43% of UK IT decision makers report having some governance for agentic AI but with gaps.