AI can’t deliver without trusted, well-governed information

While enterprise IT leaders recognize the transformative potential of AI, a gap in information readiness is causing their organizations to struggle in securing, governing, and aligning AI initiatives across business, according to a survey conducted by the Ponemon Institute.

Who is the final authority for setting your organization’s AI strategy? (Source: Ponemon Institute)

73% of CIOs, CISOs, and other IT leaders believe reducing information complexity is key to AI readiness.

“Without trusted, well-governed information, AI can’t deliver on its promise,” said Shannon Bell, Chief Digital Officer, OpenText.

Information complexity impedes readiness

While AI is a high priority, the research underscores a key gap, that most organizations lack the information readiness to deploy AI securely. The report also found that while IT and security leaders remain confident in the ROI of AI, it is difficult to adopt, secure, and govern.

As this gap widens, information management is becoming the connective tissue between enabling innovation and maintaining trust.

73% say reducing complexity is essential for a strong security posture, with unstructured data among the top contributors to complexity.

To address data security risks in AI, 46% of respondents say they are developing a data security program and practice. Just 43% are very or highly confident in their ability to measure ROI on securing and managing information assets.

Major barrier to AI investments

Leaders are optimistic about the value AI can deliver, but readiness is low. Many organizations still lack the security, governance, and alignment needed to deploy AI responsibly.

57% of respondents rate AI adoption as a top priority, and 54% are confident they can demonstrate ROI from AI initiatives. However, half say it’s difficult to reduce AI security and legal risks.

Despite being a priority, the top governance challenge is insufficient budget for investments in AI technologies. 31% of respondents say there is insufficient budget for AI-based technologies.

This is followed by 29% of respondents who say there is not enough time to integrate AI-based technologies into security workflows, 28% of respondents who say IT and IT security functions are not aligned with the organization’s AI strategy and 28% of respondents say their organizations can’t recruit personnel experienced in AI-based technologies.

GenAI is gaining traction, with a third having adopted it, and another 26% planning to in the next six months. Top GenAI use cases include security operations, employee productivity, and software development. Less than a quarter have adopted agentic AI and only 16% will adopt it in the next six months. Less than a third of those rate agentic AI as highly important to their business strategy.

How organizations achieve AI readiness

The research also revealed best practices for achieving AI readiness based on responses from the organizations that have invested in AI. These include:

Protect sensitive data exposure: Organizations should know where sensitive data resides, who can access it, and how it is used. Strong access controls, data classification policies and anomaly detection tools can help reduce exposure.

Implement responsible AI practices: A comprehensive approach includes data cleansing and governance, validating AI inputs and outputs, employee training, and regular model bias checks to ensure AI is used safely and ethically.

Strengthen encryption: Encryption should be applied to data in storage, transit and during AI processing. This ensures that sensitive information remains protected throughout the AI lifecycle.