COMMENTARY: AI adoption continues to spread – and that’s why more organizations take steps to mitigate the security risks posed by AI tools. Our organization’s 2025 State of AI study found that 80% of companies now have an AI acceptable use policy—a huge increase from 46% in 2024. The report also found that 90% of companies claim to have an information management framework to mitigate AI risks, though only 33% of respondents say that they classify and protect data effectively. [SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]It’s encouraging to see more organizations implement policies and technology to manage the risks associated with AI, however, it’s clear from these stats there’s much more work ahead. Organizations must embrace a broader, deeper, and more dynamic approach to data governance and security, one that goes beyond initial policy creation and embeds strong AI governance into the very fabric of data and technology operations.What effective AI adoption looks like Today, organizations need to adopt holistic, comprehensive AI governance, which they should center around three core tenets:In this AI era, it’s no longer an option to deliver secure, resilient, and well-governed AI. It’s become a business imperative. Companies can show true leadership in AI not just through technological innovation, but also through a steadfast commitment to responsible stewardship and ethical development of AI solutions. Most security incidents happen in the gap between written policies and operational reality. Organizations can ensure relevant and robust AI governance by taking the following measures: ensure that data used by AI systems remains accurate, up-to-date, and well-managed. This dynamic approach will keep teams ahead-of-the-curve in our new fast-paced AI world. Dana Simberkoff, chief risk, privacy, and information security officer, AvePointSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
- Practice holistic data governance: AI systems rely on accurate, relevant, and well-classified data, but research finds that many organizations still grapple with data sprawl and poorly governed datasets. Gartner found that even for high-maturity organizations, data quality has become one of the top barriers to AI implementation (29%), next to security threats (48%). Gartner also reported that over half (57%) of organizations believe their data is not yet AI-ready. Compounding the issue, AI itself has accelerated data growth. According to our The State of AI report, 79.2% of organizations now manage 1 petabyte or more of data — a 25% increase from last year. Organizations need to adopt better, smarter, and more holistic data governance frameworks. In holistic data governance frameworks, governance gets integrated across the entire data lifecycle – from creation and classification to storage and deletion – to ensure that data is kept accurate, secure, and accessible only to authorized users. By imposing these rules on the way they structure their data, security teams can limit the risk of accidental oversharing (both by AI tools and by human employees), build resilience against malicious attacks, and improve the relevance and output of AI tools. AI acceptable use policies aren’t nearly enough. Teams need to go beyond piecemeal policies and enact comprehensive data governance frameworks.
- Make strategic investments in AI literacy: AI adoption has accelerated, but many AI rollouts are delayed: 81.3% of organizations have delayed deploying Generative AI (GenAI) assistants because of concerns around data security and management, according to our AI report. As GenAI becomes embedded in everyday workflows, organizations that prioritize broad-based education and responsible use will be better positioned to innovate, adapt, and lead in an increasingly AI-driven world. McKinsey found that the majority (44%) of organizations today are upskilling only 5% of their employees in AI use. This may increase over the next three years, with 20% of organizations upskilling approximately 11% to 20% of their workforce, while another 19% will upskill more than half of their workforce.
- Prioritize proactive data protection: Our report found that 75% of organizations that use AI experienced a data exposure within the last year, and IBM claims that basic AI-related security measures are “barely present,” with only 32% of organizations regularly preforming AI model audits. The prevalence of AI-related breaches tells us that we all need to rethink the way that we approach data protection for the AI age. In the pre-AI world, many organizations felt that they could get by with barebones or static data protection. But today, the near ubiquity of AI-related breaches shows that this is no longer the case, with traditional static safeguards often failing to address the real-time complexities of AI. That’s why organizations have to shift toward proactive data protection measures. This could include targeted strategies such as automated data classification, ongoing access controls, and continuous anomaly detection to defend critical assets in dynamic environments. Other proactive data protection tactics include regular AI model audits to identify vulnerabilities and ensure compliance with security standards, data encryption both at rest and in transit to protect sensitive information from unauthorized access, real-time monitoring and alerting systems to swiftly respond to suspicious activities, and more.
