A new survey by KnowBe4, a leading cybersecurity platform, reveals a significant gap between the widespread adoption of Artificial Intelligence (AI) tools by employees and their understanding of company policies governing AI usage. This disparity leaves organizations vulnerable to potential data breaches, compliance violations, and reputational damage. The survey, conducted across Germany, South Africa, the Netherlands, France, the UK, and the US, highlights a critical AI governance gap that requires immediate attention from businesses.
The survey findings paint a concerning picture: while a large majority of employees (an average of 60.2%) are actively engaging with AI tools in their daily work, a strikingly low percentage (only 18.5%) are aware of their organization's official policies regarding AI usage. This significant discrepancy indicates that much of the AI activity within companies is occurring without proper guidance or oversight. Compounding this risk, one in ten employees (10%) admitted to inputting sensitive client data into an AI tool to complete a work task, potentially exposing confidential information.
"An AI governance gap is like a ticking time bomb for organizations," said Roger Grimes, data-driven defense evangelist at KnowBe4. "When the majority of your workforce is using AI but fewer than 20% understand the rules of engagement, you have a massive problem. AI tools are powerful, but without clear policies and training, employees may unknowingly feed sensitive information, like client data, into systems that were not designed to handle it securely. We often think of cyber risk as external, but in the age of AI, internal misuse, however unintentional, could lead to serious data breaches, compliance violations, and reputational damage."
The survey also revealed regional differences in AI adoption and policy awareness. While the global average for AI tool usage in the workplace stands at 60.2%, South Africa recorded the highest adoption rate at 70.1%. France showed the lowest adoption rate, with only 54.2% of employees reporting AI tool usage.
Despite varying adoption rates, the policy awareness gap remains a consistent challenge. An average of 14.4% of employees across the surveyed regions reported being entirely unaware of their company's AI policy. This lack of awareness was particularly pronounced in the Netherlands (16.1%) and the UK (15.8%), highlighting a clear need for improved communication and training strategies. Furthermore, the survey found that only an average of 17% of employees use AI at work with the knowledge of their IT/security team. Even in South Africa, where this figure was highest at 23.6%, the overall low percentage indicates that organizations need to be more proactive in providing and promoting approved AI solutions.
The research underscores the urgent need for organizations to bridge this awareness-usage gap. This involves not only establishing clear AI policies but also actively communicating them to employees. Comprehensive training on ethical and secure AI use is crucial, as is offering approved, user-friendly AI tools. By taking these proactive steps, businesses can mitigate the significant risks associated with uncontrolled AI adoption and safeguard their data, compliance, and reputation in the evolving digital landscape.
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.