Trialling and deploying AI-enabled applications has quickly become a strategic priority for enterprises but this is amid lasting concerns over whether CIOs can deliver the right platforms to contain potential data security and governance risks from AI tools.

Alongside an explosion of interest in AI tools right across enterprises’ lines of business – Gartner estimates that more than 80 percent of enterprises will have deployed GenAI APIs and/or have GenAI applications in production by 2026 – attention is focusing increasingly on security and data infrastructure blind spots which have the potential to constrain, or even derail, organisations’ ambitions to streamline their operations and sharpen their competitive edge using AI tools. 

Scale of Investment

Recent research of 1000 organisations worldwide by Nasuni has underlined the scale of the AI investment and the infrastructure questions surrounding it. The survey found that the vast majority (92 percent) of companies have already secured dedicated budget for AI-related initiatives, cloud spending has also increased as a result with companies investing an average of 18 percent more in this area to support their AI projects.

When the survey examined potential barriers to AI uptake, concerns over data security and privacy were rated the biggest challenge to AI implementations – noted by 34 percent of respondents, significantly ahead of other difficulties such as a shortage of skilled personnel (27 percent), difficulty integrating with existing systems/workflows (25 percent), budget limitations (24 percent) and the lack of clear strategy for AI implementation (23 percent).

These worries are equally marked among large organisations, with almost four in ten (38 percent) of 50,000+ headcount companies labelling security and privacy as their biggest challenge when planning AI adoption, with markedly similar concerns in important market sectors, such as financial services (37 percent) and the public sector (38 percent).

From our findings, this misalignment between AI plans and deployments is most pronounced in larger organisations. The complexity of their IT and data management environments inevitably makes it far harder to centralise and streamline legacy infrastructures and applications. So it’s not altogether surprising that these large organisations, despite the resources at their disposal, are often the least confident in their ability to support enterprise AI at scale.

No Grafting of AI

These challenges underline the reality that AI tools can’t be grafted onto existing risk management models or technology stacks. Without wider investment in robust data security practices and data infrastructure, IT heads could face a range of risks – from poor application performance outcomes to compliance issues.

Nasuni’s research shows that many enterprises are making steady progress towards derisking advances such as AI implementations through their wider commitment to modernising tech infrastructures.

For example, while half (51 percent) of organisations that have no plans to operate a hybrid cloud model are most likely to be most preoccupied by data security and privacy risks during AI deployment, this figure falls to only one third (33 percent) among those planning to adopt a hybrid cloud infrastructure and to less than one third (31 percent) of those already running such a model.

Machine learning models and large language models are only as effective as the information they can access and only as safe as the security guardrails in place. When critical and sensitive file data remains fragmented across silos, stored in legacy systems, or lacking in structure, some of today’s AI projects could be set up to struggle when full risk management and security foundations have yet to be laid.

Refocus Resources

While we can applaud organisations’ prioritising of investment in AI, without CIOs refocusing these resources on the foundations of risk management, data security measures, infrastructure improvements and data governance – right across the enterprise – even the most sophisticated AI strategies will fail to deliver on CIOs’ expectations and meet corporate objectives. 

This clear gap between corporate AI planning and being able to operate secure infrastructures and ensure data readiness represents is one of the most pressing questions facing IT and business leaders in 2025.

Nick Burling Senior Vice President of Product Nasuni