Kiteworks, a leading provider of data security solutions, recently released the results of its AI Data Security and Compliance Risk Survey. This report reveals broad governance failures in AI data security, including:
Only 17% of organizations implementing automated technical controls, such as DLP scans of AI data flows, and 26% report being private that over 30% of data employees are entering into public AI tools. The findings emerge amid a surge in AI-related cases. Stanford’s 2025 AI Index reports a 56.4% increase in AI privacy incidents from the previous year. 40% relies on employee training and auditing.
Tim Freestone, Chief Marketing Officer at Kiteworks, said “When Google reports that 44% of zero-day attacks are currently targeting systems that manage data exchange, there are systemic obstacles to governance.”
Manufacturing organizations have failed to distinguish AI security practices from other industries despite increased exposure to IP theft and operational disruptions. “This consistency with average practices, regardless of the unique risks of manufacturing, calls for a dangerous underestimation of sector-specific threats,” Freestone said. Governance maturity follows a familiar pattern.
39% of manufacturers advocate for full implementation. Partial implementation of the 39% reporting part. 1,111 percent plan to implement the plan. 27% cite data leaks as the top risk.
Industry-wide, organizations have significantly overestimated the maturity of AI governance.
There is a 40% implementation of the claims framework, but Gartner reports that it actually implements a dedicated structure. Deloitte finds a “ready” maturity of just 9%, while 23% believes it is “highly prepared.”
“Self-assessment often exaggerates AI preparation five to ten times,” Spencer said. “It’s important to have failed to implement enforceable automated governance because zero-day threats target highly infrastructure to protect data.” Based on these findings, Kiteworks encourages organizations, especially manufacturers.
Acknowledge reality: Recognize overconfidence and use measurable evidence to verify claims. Deployable Controls: Deploy automatic data governance technology beyond training. Regulatory preparation: Track data flow, measure gaps and develop auditable controls before regulators intervene.
“The awareness and implementation gap is no longer sustainable,” Freestone concluded. “AI is here, the risks are real and organizations must act now before exposure escalates beyond control.”
