11% of organizations reported feeling prepared to meet emerging regulatory requirements.

13% of IT leaders globally consider their organization's management of shadow AI risks as 'highly effective'.

49% of IT leaders globally either don't track AI usage at all or address AI on a reactive basis.

61% of IT leaders globally found unauthorized AI tools in their environments.

23% of organizations admitted to having no controls for AI prompts or outputs.

7% of organizations reported having a dedicated AI governance team.

Fewer than 30% of enterprises feel prepared for upcoming AI governance requirements.

50% of organizations reported that their organization uses AI for AI governance.

Only 32% of organizations operate at a managed level with measured effectiveness and reporting in AI security governance.

70% of organizations adopting AI are lacking optimized governance.

39% of organizations operate with inadequate AI governance structures entirely, relying on inconsistent frameworks, ad hoc practices, or no AI-specific governance at all.

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).

34% of smaller middle market companies noted that AI governance steps are not yet in place.

Security and privacy risks were a reason for turning off AI functionality, cited by 55%

Looking ahead, 70% of organisations will focus on AI/ML data usage governance.

A lack of transparency and explainability was the top reason for turning off AI functionality, cited by 58%

83% of CISOs place significantly higher priority on AI data usage governance.

71% of Security Managers/Directors focus on AI governance.

Vendor reliability and maturity were a reason for turning off AI functionality, cited by 50%

Just over half of respondents said that they regularly disable AI functionality in some or all security tooling due to a range of considerations