52% of organizations lack a formal AI governance framework.

Fewer than 30% of enterprises feel prepared for upcoming AI governance requirements.

39% of organizations operate with inadequate AI governance structures entirely, relying on inconsistent frameworks, ad hoc practices, or no AI-specific governance at all.

Only 32% of organizations operate at a managed level with measured effectiveness and reporting in AI security governance.

70% of organizations adopting AI are lacking optimized governance.

50% of organizations reported that their organization uses AI for AI governance.

Of the organisations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI.

63% of breached organisations either don't have an AI governance policy or are still developing one.

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).

34% of smaller middle market companies noted that AI governance steps are not yet in place.

Just over half of respondents said that they regularly disable AI functionality in some or all security tooling due to a range of considerations

Looking ahead, 70% of organisations will focus on AI/ML data usage governance.

Security and privacy risks were a reason for turning off AI functionality, cited by 55%

Vendor reliability and maturity were a reason for turning off AI functionality, cited by 50%

83% of CISOs place significantly higher priority on AI data usage governance.

A lack of transparency and explainability was the top reason for turning off AI functionality, cited by 58%

71% of Security Managers/Directors focus on AI governance.