Skip to content
Menu
Menu

AI Governance Continues To Trail Enterprise AI Adoption, ISACA Survey Finds

The global survey found AI is now a standard part of business operations, but AI governance continues to lag behind the pace of adoption.

Key Takeaways

  • 90% of respondents said that employees in their organizations use AI.
  • Only 38% said their organization has a formal, comprehensive AI policy.
  • 45% said AI risk is an immediate organizational priority.
  • Only 38% expressed confidence in their board’s understanding of and action against AI risks.
  • Just 12% said their organization has a documented AI shutdown process they test regularly.

AI has become a standard part of enterprise operations, but governance frameworks continue to lag behind adoption, according to ISACA’s 2026 Taking the Pulse of AI survey.

90% of respondents reported that employees are using AI within their organization, while 81% said employees are using generative AI specifically. Based on responses from more than 3,400 technology, governance, risk, and cybersecurity professionals worldwide, the findings suggest AI has moved from experimentation to everyday business use.

Governance lags behind AI adoption

Despite AI use being commonplace, many organizations have yet to establish guardrails regarding its use.

Only 38% of organizations reported having a formal, comprehensive AI policy, up from 28% in 2025. Another 30% said they have a limited policy, while one-quarter said their organization has no active AI policy at all. Meanwhile, just 45% of respondents said AI risk is an immediate organizational priority, indicating that governance efforts continue to lag behind AI deployment.

The survey also found that AI literacy is becoming an essential workplace skill. 78% of respondents said AI skills are now very or extremely important to their profession, up from 72% a year earlier. At the same time, only one-third of organizations now provide AI training to all employees.

Board oversight still has gaps

The governance challenge extends into the boardroom.

Only 38% of respondents said they are confident their board understands AI risks and is taking appropriate action. The finding suggests many organizations have not yet fully incorporated AI governance into executive oversight, even as AI becomes embedded across business operations.

The survey found that respondents remain most concerned about AI’s potential to create security and operational risks, even as organizations continue to expand their use of the technology. However, only 36% expressed confidence in their organization’s ability to detect AI-generated misinformation.

Organizations aren’t ready to respond

The survey also points to significant gaps in operational preparedness should an AI system malfunction or be compromised.

Only 12% of respondents said their organization has a documented AI shutdown or override process that is regularly tested. Another 8% said a documented process exists but has not been tested, while 39% did not know whether such a process exists at all. Separately, 56% said they do not know how long it would take their organization to halt an AI system following a security incident.

 

The report is the latest to demonstrate a gap between AI adaptation and governance. In recent months, AI Risk Today published results of several reports centered on this “governance gap.” All are pointing to the same problem: with AI adoption accelerating, governance planning is still well behind.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.

Advertise with AI RIsk Today, Today!