A mere 6% of organizations have implemented a comprehensive AI security strategy, indicating a significant lack of readiness against AI-related threats.
NEW YORK, June 4, 2025 /PRNewswire/ — BigID, a frontrunner in data security, privacy, compliance, and AI data management, has released its AI Risk & Readiness in the Enterprise: 2025 Report. The findings reveal that a majority of organizations are struggling to meet the security and governance challenges presented by artificial intelligence (AI). The report illustrates a concerning gap between the swift adoption of AI technologies and the establishment of essential security measures, resulting in considerable risk for enterprises.
The study, which included insights from security, compliance, and data leaders across various industries, shows that nearly 64% of organizations lack comprehensive visibility into their AI-related risks. This lack of oversight renders them susceptible to security vulnerabilities and compliance issues. Additionally, the proliferation of Shadow AI—unauthorized or unmonitored AI tools within organizations—exacerbates the threat of data misuse and potential regulatory infractions.
“The swift integration of AI into business processes has led to significant security oversights,” remarks Dimitri Sirota, CEO of BigID. “Our research uncovers a paradox: while organizations are eager to leverage AI’s capabilities, they risk exposing themselves to unprecedented threats due to inadequate security governance. It’s imperative to address this disconnect urgently before these weaknesses lead to critical data breaches.”
Key Findings
Organizations are facing a notable security divide as AI adoption progresses faster than the necessary protective measures, raising serious concerns related to data exposure and compliance.
- AI-Powered Data Leaks: 69% of organizations identify data leaks facilitated by AI as their foremost security concern for 2025, yet close to half (47%) lack dedicated AI security measures.
- Regulatory Preparedness: Nearly 55% of organizations are ill-equipped to meet evolving AI regulatory requirements, risking potential fines and reputational harm.
- Data Protection Shortfalls: About 40% admit to lacking tools to secure data accessible by AI, pointing to a critical disparity between AI usage and security measures.
- Limited Advancement: Only 6% have an advanced AI security strategy or a defined AI Trust, Risk, and Security Management (TRiSM) framework, highlighting widespread inadequacies in tackling AI-associated threats.
Industry-Specific Challenges
Several key sectors are significantly underprepared for AI-related risks, displaying substantial deficiencies in security, compliance, oversight, and risk management.
In the financial services sector, despite the sensitivity of the data handled, only 38% of organizations have implemented AI-specific protection mechanisms. The healthcare industry faces compliance challenges, with 52% acknowledging AI regulation adherence as a significant hurdle. Furthermore, 48% of retailers lack insight into how AI models manage customer information. Ironically, technology firms are some of the least prepared, with 42% lacking a strategic approach to AI risk management, despite being leaders in innovation.
Recommendations for Organizations
To bolster their AI risk management, organizations must enhance their governance frameworks by adopting new strategies. Specifically, they should:
- Implement AI risk monitoring and response protocols.
- Develop AI-centric data governance frameworks.
- Establish access controls to curtail Shadow AI and prevent unauthorized interactions with AI data.
- Align AI security and compliance strategies with shifting regulations through a comprehensive AI TRiSM approach.
“Organizations need to reconsider their data management strategies in the AI era,” advises Eyal Sacharov, SVP of Research at BigID. “Robust AI governance is crucial not just for compliance, but also for safeguarding your most critical assets and achieving a competitive edge through safer innovations.”
Methodology
The report is grounded in feedback from professionals in security, compliance, and data sectors across various industries, including technology (34%), financial services (21%), government (8%), healthcare (5%), retail (5%), and others (27%). It represents a diverse respondent base consisting of small-to-mid-sized enterprises (54%), mid-market firms (26%), and large corporations (20%) across North America, Europe, Asia-Pacific, the Middle East, Africa, and Latin America.
About BigID
BigID empowers organizations to understand their enterprise data and take action for data-centric security, privacy, compliance, AI innovation, and governance. By utilizing BigID, customers can discover, manage, safeguard, and derive more value from their regulated, sensitive, and personal data throughout their data landscape.
BigID has received numerous accolades, including recognition as one of CRN’s top 100 security companies for two consecutive years in 2024 and 2023, a finalist in CRN’s 2024 Tech Innovator Awards, and designation as “Most Innovative Security Company of the Year” for its AI data security in the 2024 Globee Awards. Additionally, its remarkable growth secured a spot on the 2024 Deloitte 500 for the fourth year running, alongside being named one of CNBC’s Top 25 Startups for the Enterprise and featured in the Forbes Cloud 100 and 2024 Inc. 5000 for the fourth consecutive year.
SOURCE BigID