
June 5, 2025

BigID Reports Majority of Enterprises Lack AI Risk Visibility in 2025

NEW YORK, June 5, 2025 — BigID, a leader in data security, privacy, compliance, and AI data management, has announced its AI Risk & Readiness in the Enterprise: 2025 Report, revealing that a majority of organizations are struggling to keep pace with the security and governance challenges posed by artificial intelligence (AI). The report highlights an alarming disconnect between the rapid adoption of AI technologies and the implementation of necessary security controls, creating significant enterprise risk.

The study surveyed security, compliance, and data leaders across multiple industries and found that nearly two-thirds (64%) of organizations lack full visibility into their AI risks, leaving them vulnerable to security blind spots and compliance failures. This issue is exacerbated by the rise of Shadow AI, unauthorized or unmonitored AI tools used within enterprises, further increasing exposure to data misuse and regulatory violations.

“The rapid adoption of AI has created a critical security oversight for many organizations,” says Dimitri Sirota, CEO at BigID. “Our research reveals that while businesses are eager to leverage AI capabilities, they’re simultaneously exposing themselves to unprecedented risks by neglecting proper security governance. This gap between innovation and protection must be addressed immediately before these vulnerabilities lead to significant breaches.”

Key Findings
Organizations face a critical security gap as AI adoption outpaces necessary protections, creating substantial risks around data leaks, compliance, and governance.

  • AI-Powered Data Leaks: 69% of organizations cite AI-powered data leaks as their top security concern in 2025, yet nearly half (47%) have no AI-specific security controls in place.
  • Regulatory Unpreparedness: Nearly 55% of organizations are unprepared for AI regulatory compliance, risking potential fines and reputational damage as new regulations take effect.
  • Data Protection Gaps: Almost 40% of organizations admit they lack the tools to protect AI-accessible data, creating a dangerous gap between AI adoption and security controls.
  • Limited Maturity: Only 6% of organizations have an advanced AI security strategy or a defined AI TRiSM (Trust, Risk, and Security Management) framework, signaling widespread unpreparedness for AI-driven threats.

Industry-Specific Challenges
Key industries remain critically underprepared for AI risks, with significant gaps in protection, compliance, visibility, and risk management across sectors.

  • The financial services sector, despite handling highly sensitive data, shows that only 38% of firms have AI-specific data protection measures in place.
  • In healthcare, 52% of organizations cite compliance with AI regulations as a major challenge.
  • 48% of retailers lack visibility into how AI models handle customer data.
  • Technology companies, ironically, are among the least prepared, with 42% operating without any AI risk management strategy, despite leading AI innovation.

Recommendations for Organizations
To improve their AI risk posture, organizations must strengthen AI governance through the implementation of new strategies. Companies should:

  • Deploy AI risk monitoring and response mechanisms
  • Establish AI-aware data governance strategies
  • Implement access controls to mitigate shadow AI & prevent unauthorized AI data interactions
  • Align AI security and compliance strategies with evolving regulations through a comprehensive AI TRiSM approach

“Organizations must rethink their approach to data in the age of AI,” says Eyal Sacharov, SVP of Research at BigID. “Implementing robust AI governance isn’t just about compliance—it’s about protecting your most valuable assets and gaining a competitive advantage through safer innovation.”

Methodology
The report is based on responses from security, compliance, and data professionals across multiple industries, with representation from technology (34%), financial services (21%), government (8%), healthcare (5%), retail (5%), and other sectors (27%). The survey included small-to-mid-sized enterprises (54%), mid-market companies (26%), and large enterprises (20%) across North America, Europe, Asia-Pacific, the Middle East, Africa, and Latin America.

For more information, or to download the full report, click here.

About BigID
BigID empowers organizations to know their enterprise data and take action for data-centric security, privacy, compliance, AI innovation, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape.

BigID has earned numerous accolades, including being highlighted among CRN’s top 100 security companies two years in a row in 2024 and 2023, being a finalist in CRN’s 2024 Tech Innovator Awards, being recognized as the most innovative security company of the year for its AI data security in the 2024 Globee Awards, and being named a “Market Leader Data Security Posture Management (DSPM)” in the 2023 Global InfoSec Awards. Additionally, BigID’s impressive growth earned it a spot on the 2024 Deloitte 500 for the fourth consecutive year, a place among CNBC’s Top 25 Startups for the Enterprise, a place on the Forbes Cloud 100, and recognition on the 2024 Inc. 5000 for the fourth consecutive year.


Source: BigID
