Kiteworks, a leading provider of data security solutions, recently announced results from its AI Data Security and Compliance Risk Survey. The report exposes widespread governance failures in AI data security, including:
- Just 17 percent of organizations have implemented automated technical controls, such as DLP scanning for AI data flows.
- 40 percent rely on employee training and audits.
- 20 percent depend solely on unmonitored warnings.
- 13 percent have no specific AI policies at all.
Additionally, 26 percent report that more than 30 percent of the data employees input into public AI tools is private. The findings emerge amid a surge in AI-related incidents. Stanford’s 2025 AI Index reports a 56.4 percent year-over-year increase in AI privacy incidents.
Tim Freestone, Chief Marketing Officer at Kiteworks, states, “We’re seeing a systemic failure in governance at a time when Google reports 44 percent of zero-day attacks now target the very systems that manage data exchange.”
Manufacturing organizations are failing to differentiate their AI security practices from other industries—despite their heightened exposure to IP theft and operational disruption. “This alignment with average practices—despite manufacturing’s unique risks—suggests a dangerous underestimation of sector-specific threats,” said Freestone. Governance maturity follows a familiar pattern:
- 39 percent of manufacturers claim full implementation.
- 39 percent report partial implementation.
- 11 percent are planning implementation.
- 27 percent cite data leakage as the top risk.
- 24 percent are concerned about system vulnerabilities (vs. 23 percent average).
- 13 percent highlight third-party integration risks.
- 24 percent maintain comprehensive privacy controls.
- 33 percent use a balanced approach.
- 22 percent have no formal controls in place.
Across industries, organizations significantly overestimate their AI governance maturity:
- 40 percent claim framework implementation, but Gartner reports only 12 percent actually have a dedicated structure in place.
- Deloitte finds just nine percent reach “Ready” maturity while 23 percent believe they are “highly prepared”—a 14-point gap between perception and reality.
- EY reports 48 percent of tech companies already deploy AI agents, with 92 percent planning to increase AI investment—a 10-point increase from early 2024.
“Self-assessments often overstate AI readiness by 5x to 10x,” said Spencer. “As zero-day threats target the very infrastructure meant to protect data, failing to implement enforceable, automated governance is a critical oversight.” Based on these findings, Kiteworks urges organizations—especially manufacturers—to:
- Acknowledge Reality: Recognize overconfidence and validate claims with measurable evidence.
- Deploy Verifiable Controls: Move beyond training and deploy automated data governance technologies.
- Prepare for Regulation: Track data flows, measure gaps, and develop auditable controls before regulators intervene.
“The gap between awareness and implementation is no longer sustainable,” concluded Freestone. “AI is here, the risks are real, and organizations must act now before exposures escalate beyond control.”