50% of organizations have formal, active AI policies in place, and 42% are actively developing AI governance frameworks.

70% of operational management professionals reported using ungoverned AI tools.

Only 26% of organizations have fully documented and enforced AI governance policies in 2025.

76% of operations professionals say their organization relies on workarounds because their tools and processes can’t keep pace with changing business priorities.

7% of organizations reported having a dedicated AI governance team.

11% of organizations reported feeling prepared to meet emerging regulatory requirements.

69% of IT leaders globally reported lacking a formal tracking system to monitor AI adoption.

49% of IT leaders globally either don't track AI usage at all or address AI on a reactive basis.

61% of IT leaders globally found unauthorized AI tools in their environments.

13% of IT leaders globally consider their organization's management of shadow AI risks as 'highly effective'.

9% of IT leaders globally believe their organization has a 'highly effective' defense against AI-generated cyber threats.

13% of organizations reported having strong visibility into how AI systems handle sensitive data.

26% of IT leaders globally have solutions in place to monitor AI usage.

23% of organizations admitted to having no controls for AI prompts or outputs.

Fewer than 30% of enterprises feel prepared for upcoming AI governance requirements.

Only 32% of organizations operate at a managed level with measured effectiveness and reporting in AI security governance.

70% of organizations adopting AI are lacking optimized governance.

50% of organizations reported that their organization uses AI for AI governance.

39% of organizations operate with inadequate AI governance structures entirely, relying on inconsistent frameworks, ad hoc practices, or no AI-specific governance at all.

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).