2025年企业AI风险与准备度报告

AI Risk &Readiness in theEnterprise Risk Outpaces GovernanceAI is accelerating innovationacross the enterprise—but riskis accelerating faster. 2025 REPORT AI Risk &Readiness in theEnterprise This report, based on a survey of 233 security, compliance, and data leaders,uncovers a sobering reality: organizations are moving forward with AIadoption, yet leaving governance behind. From data leaks to regulatory blindspots to shadow AI running amok, the AI risk gap is widening. This reportunpacks the findings question by question, weaving in enterprise takeaways,strategic guidance, and next steps to close the readiness gap. AI Risk is Outpacing Governance:Organizations Struggle to Keep Up 93.2%of organizations lack full confidence in securing AI-driven data, leavingthem exposed to security blind spots and compliance failures. 69.5%of organizations cite AI-powered data leaks as their top securityconcern in 2025, yet47.2%have no AI-specific security controls in place. Over80.2%of organizations are unprepared for AI regulatory compliance,risking fines and reputational damage. 39.9%admit they lack the tools to protect AI-accessible data, creating adangerous gap between AI adoption and security controls. Only6.4%of organizations have an advanced AI security strategy, signalingwidespread unpreparedness for AI-driven threats. AI Risk Awareness vs. Reality Understanding AI risk is the foundation of AI governance. But without visibilityinto how models interact with sensitive data, enterprises are flying blind. Lackof oversight creates blind spots, compliance gaps, and potential exposure tounauthorized access, shadow AI behavior, or biased outcomes. Survey Question:How well does your organization understand the risksassociated with AI models and sensitive data exposure? 39.5%of organizations are inearly-stage AI risk assessment,while24%are aware but notactively managing it. 5.6%of organizations havezero visibility into AI modelrisks,making them highlysusceptible to AI-driven threats. Key Insight: More than two-thirds of organizations admit theyare early-stage or not actively managing AI risk—yet AI adoption is already in motion. Takeaway:AI transparency is critical for risk management. Enterprises mustmove beyond awareness to implementation—starting with visibility into howAI interacts with data. Organizations should implement AI risk monitoringsolutions and data discovery tools that provide real-time visibility into AIinteractions with sensitive data. Next Steps: ;Deploy AI risk discovery tools that identify model-data interaction;Establish ownership for AI governance across security, privacy, andcompliance ;Create an inventory of models, their data sources, and risk exposure AI-Powered Data Leaks & Shadow AI:The Top Threats of 2025 Why It Matters:As AI expands its footprint, so does its risk of exposingsensitive information. Shadow AI—unauthorized or unmonitored AI tools—further compounds that risk by operating outside of security visibility. Survey Question:Which of the following AI risks is your organization mostconcerned about in 2025? (Select all that apply) 69.5%of organizationsrank AI-powered data leaksas their biggest securityconcern. 58.4%fear unstructureddata exposure. 48.5%worry about “DarkAI” or Shadow AI operatingwithout oversight. Key Insight: Data leaks remain the most feared threat—especially through AI’sinteraction with unstructured data and the rise of unauthorized models.Organizations must act with urgency, implementing AI-specific dataclassification policies and access controls to prevent exposure anddetect rogue model activity. Takeaway:Shadow AI isn’t a hypothetical—it’s already inside manyenvironments. Lack of control over AI tools leads to uncontrolled risk. Next Steps: ;Enforce model registration and monitoring;Use DSPM and classification to label AI-accessible data;Flag unusual or rogue model behavior;Take action to remediate risk: flag and tag data that’s safe for AI use;establish least privileged permissions for models accessing sensitive data;and minimize sensitive and regulated data to shadow AI exposure. BigID helps organizations uncover Shadow AI and monitormodel-data interactions. AI Security Controls: What’s Missing Why It Matters:Security must evolve to meet the complexity of AI. Traditionalcontrols aren’t built for AI pipelines, model endpoints, or training datagovernance. Without AI-aware tools, enterprises risk applying outdatedsolutions to a fast-moving problem. Survey Question:What AI controls does your organization currently have inplace? 47.2%of organizations haveno AI security controls in place. 21%have AI-specific dataclassification and protectionstrategies. Key Insight: Nearly half of organizations lack any formal AI controls—despiterising fears around data exposure and model misuse. Secure AI usagebegins with governance. Build visibility across all model endpoints,enforce access rules, and monitor pipelines for shadow AI behavior. Enterpr