52% of organizations lack a formal AI governance framework.

Fewer than 30% of enterprises feel prepared for upcoming AI governance requirements.

26% of organizations are adopting governance frameworks to establish rules for AI use in development.

Only 32% of organizations operate at a managed level with measured effectiveness and reporting in AI security governance.

70% of organizations adopting AI are lacking optimized governance.

50% of organizations reported that their organization uses AI for AI governance.

6.0% of organizations expect Governance and compliance in AI security to require the most new investment over the next 12 months.

39% of organizations operate with inadequate AI governance structures entirely, relying on inconsistent frameworks, ad hoc practices, or no AI-specific governance at all.

Organizations without governance tracking show 5 percentage points higher rates of low-encryption outcomes (20% vs. 15%).

While 95% of organizations actively pursuing CMMC 2.0 certification track some governance tracking effectiveness metrics, only 38% have instituted comprehensive governance control and tracking systems.

Just over half of organizations have centralized governance processes.

67% of organisations now rank information protection and governance as a top priority.

Of the organisations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI.

63% of breached organisations either don't have an AI governance policy or are still developing one.

78% of organisations employ governance frameworks for cloud security.

Most popular governance frameworks for cloud security used: NIST Cybersecurity Framework (40%), ISO/IEC 27001 (31%), SOC 2 Compliance (28%).

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).

34% of smaller middle market companies noted that AI governance steps are not yet in place.

A lack of transparency and explainability was the top reason for turning off AI functionality, cited by 58%

Security and privacy risks were a reason for turning off AI functionality, cited by 55%