A new BigID report reveals just how unprepared organizations are for the risks AI brings—from data leaks to compliance failures. The AI Risk & Readiness in the Enterprise: 2025 Report is a wake-up call: despite the hype, most organizations still lack the guardrails to secure their AI initiatives.
Here’s the reality:
- Only 6% of organizations have a mature AI security strategy.
- Nearly half don’t have any AI-specific security controls.
- And 64% lack visibility into their AI risks altogether.
That means enterprises are charging ahead with AI adoption without knowing who has access to sensitive data, how AI models are interacting with it, or how to stay compliant with fast-moving regulations.
Shadow AI Is Real. And It’s Growing.
The rise of unmonitored, unauthorized AI tools—known as Shadow AI—is making the situation even riskier. These tools are being used in the wild, bypassing corporate policies and opening the door to data leaks and compliance violations.
For many companies, it’s not just a gap in oversight but a full-blown blind spot.
AI Risk Looks Different in Every Industry
The report also dives into how key industries are struggling in different ways:
- Financial services: Only 38% have AI-specific data protection, despite handling highly sensitive information.
- Healthcare: More than half say complying with AI regulations is a major challenge.
- Retail: 48% have no visibility into how AI models handle customer data.
- Tech: Ironically, 42% of tech companies operate without any formal AI risk management strategy.
So What Can Companies Do About It?
BigID’s report outlines clear steps to help enterprises get ahead of the risk:
- Monitor and respond to AI risks in real time.
- Build AI-aware data governance strategies.
- Put controls in place to rein in Shadow AI.
- Align security and compliance strategies with global regulations through a holistic AI TRiSM (Trust, Risk, and Security Management) framework.
“Organizations must rethink their approach to data in the age of AI. Implementing robust AI governance isn’t just about compliance—it’s about protecting your most valuable assets and gaining a competitive advantage through safer innovation.”
– Eyal Sacharov, SVP of Research, BigID.
The Bottom Line
AI isn’t slowing down. Neither are the risks.
Download the full report to see how your organization stacks up—and what you can do to close the gap between AI ambition and AI security.