The Rise of AI in Organizations: An Ominous Absence of Safety Policies
Recent research by ISACA, published on May 5, has highlighted a concerning trend in organizations that increasingly rely on artificial intelligence (AI) tools. While a remarkable 90% of digital trust professionals believe that staff members are utilizing AI in their day-to-day operations, a significant portion of these organizations—almost half—lack any formalized safety or security policies governing the use of such technologies. This oversight exposes them to potential threats, including data breaches and various cyber vulnerabilities.
Despite the evident integration of AI within the workplace, only 38% of the professionals surveyed reported having a comprehensive AI policy in place. Furthermore, approximately another 30% acknowledged the existence of a limited policy. Alarmingly, 25% of organizations have no policies regarding AI usage whatsoever. This lack of structured governance raises questions about the management of AI tools and the potential risks involved, especially as employees increasingly turn to AI applications for assistance in their roles.
The phenomenon known as "Shadow AI" has emerged as a direct consequence of inadequate policy frameworks. Employees, in their quest for efficiency, are frequently utilizing unregulated AI tools, such as large language models (LLMs), to complete tasks. This unmonitored use poses a significant risk where sensitive company information could inadvertently be shared with these AI models, further complicating the landscape of data privacy and security.
Those participating in the ISACA annual AI Pulse Poll expressed significant uncertainty about their organizations’ preparedness to mitigate incidents stemming from Shadow AI tools that remain unknown to IT and security teams. A staggering 56% of respondents conveyed they do not know how long it would take to shut down an AI system in the event of a security breach, underscoring gaps in both knowledge and procedural readiness.
Only 20% of organizations have established any protocols to shut down or override AI systems in case they engage in harmful activities, such as those caused by data poisoning attacks. This inadequate preparedness may lead not only to immediate risks but also to long-term vulnerabilities that could harm organizational integrity and stakeholder trust.
Ulrika Dellrud, a member of ISACA’s Emerging Trends Working Group and the chief privacy and data ethics officer at Smarter Contracts, remarked on the gravity of the situation. She noted that just 38% of practitioners feel confident in their board’s understanding of AI-related risks, highlighting a critical leadership gap that mirrors technological deficiencies. "Effective AI governance starts with mastering your data," she stated, emphasizing that strong data and privacy management is foundational to navigating AI risks and fostering trust.
Furthermore, as the landscape of cybersecurity evolves, professionals have reported mounting concerns regarding AI-enabled threats. Many believe that these new risks are not only escalating but also often go unnoticed within their organizations. In the poll, several key challenges associated with AI threats came to the forefront:
- A significant 71% of respondents indicated that AI-generated phishing and social engineering attacks are more difficult to identify.
- About 58% expressed that AI has significantly complicated the authentication of digital information.
- Furthermore, 38% reported a decline in trust towards traditional threat detection methods as a result.
Despite these challenges, the sentiment among respondents is not entirely bleak. Many professionals recognize the potential for AI to bolster cybersecurity defenses. In fact, 43% reported that the implementation of AI-based cybersecurity tools has enhanced their organization’s ability to detect and respond to cyber threats effectively.
The ISACA AI Pulse Poll, reflecting insights from 3,400 global digital trust professionals across various roles—including IT audit, governance, cybersecurity, privacy, and emerging technology—serves as a crucial reminder of the urgent need for organizations to establish robust AI governance frameworks. As AI technologies continue to advance, organizations must not only embrace innovation but also prioritize disciplined governance and responsible data stewardship to ensure sustainable operations in an increasingly complex digital landscape. The path forward lies in addressing these vulnerabilities to build a secure and trustworthy AI-enabled future.