The AI oversight gap
New global research from IBM and Ponemon Institute reveals how AI is greatly outpacing security and governance in favor of do-it-now adoption. The findings show that ungoverned AI systems are more likely to be breached and more costly when they are.
The global average cost of a data breach, in USD, a 9% decrease over last year—driven by faster identification and containment.
Share of organizations that reported an AI-related security incident and lacked proper AI access controls.
Share of organizations that lacked AI governance policies to manage AI or prevent the proliferation of shadow AI.
Cost savings, in USD, from extensive use of AI in security, compared to organizations that didn’t use these solutions.
Take action
AI and automation can fortify identity security without overburdening understaffed teams. Implementing strong operational controls for non-human identities (NHIs) and adopting modern, phishing-resistant authentication methods, such as passkeys, can significantly reduce the risk of credential abuse.
Implement strong data security fundamentals: data discovery, classification, access control, encryption and key management. Leverage AI and data security to protect data integrity and avoid compromise. These measures are essential as AI becomes both a threat vector and a security tool.
Investing in integrated security and governance solutions allows organizations to gain visibility into all AI deployments (including shadow AI), mitigate vulnerabilities, protect prompts and data and use observability tools to improve compliance and detect anomalies.
As attackers use AI for more adaptive attacks, security teams must also embrace AI technologies. AI-powered security tools and services can reduce alert volume, identify at-risk data, spot security gaps, detect breaches early and enable faster, more precise responses.
Building resilience means quick detection and containment of security issues. Effective crisis response means regularly testing incident response (IR) plans and backups, defining clear roles in the event of a breach and conducting crisis simulations.
AI and automation can fortify identity security without overburdening understaffed teams. Implementing strong operational controls for non-human identities (NHIs) and adopting modern, phishing-resistant authentication methods, such as passkeys, can significantly reduce the risk of credential abuse.
Implement strong data security fundamentals: data discovery, classification, access control, encryption and key management. Leverage AI and data security to protect data integrity and avoid compromise. These measures are essential as AI becomes both a threat vector and a security tool.
Investing in integrated security and governance solutions allows organizations to gain visibility into all AI deployments (including shadow AI), mitigate vulnerabilities, protect prompts and data and use observability tools to improve compliance and detect anomalies.
As attackers use AI for more adaptive attacks, security teams must also embrace AI technologies. AI-powered security tools and services can reduce alert volume, identify at-risk data, spot security gaps, detect breaches early and enable faster, more precise responses.
Building resilience means quick detection and containment of security issues. Effective crisis response means regularly testing incident response (IR) plans and backups, defining clear roles in the event of a breach and conducting crisis simulations.