AI has become embedded in organisations, yet fewer than half have any form of AI safety or security policies in place, potentially leaving them exposed to data breaches, privacy failures and other cyber threats, according to ISACA. The ISACA AI Pulse Poll, published on 5 May, found that 90% of digital trust professionals believe employees in their organisation use AI tools, while 38% said their organisation has a formal, comprehensive AI policy and 30% have a limited policy.
Despite AI’s rise, 25% of organisations reported no policies around AI at all, contributing to the growth of Shadow AI as employees use tools like LLMs for daily work. The poll also revealed uncertainty in incident response: 56% do not know how long it would take to halt an AI system after a security incident, and only 20% said they have a process to shut down or override AI systems if something goes wrong.
Ulrika Dellrud of ISACA emphasised that effective AI governance hinges on data, with leadership and responsible data stewardship as essential foundations.