FRIDAY 1 AUG 2025 10:30 AM

AI OVERCONFIDENCE HAS LED TO 'POLICY-PRACTICE GAP', STUDY FINDS

New research reveals a growing disconnect between AI adoption and governance.

A new report from risk and compliance platform AuditBoard reveals a growing disconnect between AI adoption and governance among companies globally, highlighting increasing exposure to unmanaged risk.

While 92% of organisations express confidence in their third-party AI use, only two-thirds conduct formal AI-specific risk assessments for those systems, according to the report. This suggests many companies are moving ahead with AI deployment without having fully implemented governance frameworks.

Only a quarter of respondents report having a comprehensive AI governance program in place, despite 86% being aware of current and upcoming regulations. Rather than technical barriers, the report identifies cultural challenges as the main obstacles to effective governance. These include lack of ownership, limited internal technical skills and few resources.

"AI governance today is a test of execution, not awareness," says Rich Marcus, chief information security officer at AuditBoard. "Clarity, ownership and alignment are where many organisations fall short."

The report calls for companies to embed governance practices into daily operations rather than relying solely on policy documents.