TL;DR: AI enterprise adoption is widening a readiness gap, with IDC’s April 2025 Data Security and Privacy Survey showing only 29% of organisations report complete alignment between security teams and business leadership on AI objectives, down from 35% in 2024. Data visibility and classification are now governance issues, not just security controls, because AI systems need broad, timely access to high-quality data.
NHIMG editorial — based on content published by Cyera: Democratizing Data, balancing security, risk, and business value in the age of AI
By the numbers:
- In IDC’s April 2025 Data Security and Privacy Survey, only 29% of organisations reported complete alignment between security teams and business leadership on AI objectives, down from 35% in 2024.
Questions worth separating out
Q: How should security teams govern data access for AI workloads?
A: They should govern AI data access by business purpose, dataset classification, and downstream reuse, not by repository alone.
Q: Why does AI make data classification more important for IAM?
A: AI increases the number of identities, pipelines, and services that can touch the same data, so classification becomes the basis for deciding who or what should access it.
Q: What breaks when organisations expand data access for AI too quickly?
A: Access reviews become outdated, approval chains fragment, and monitoring cannot explain why sensitive data was exposed in the first place.
Practitioner guidance
- Define AI data access by use case: Map each AI workload to a specific business purpose, approved dataset, and downstream reuse boundary.
- Tie classification to access decisions: Require data discovery and classification outputs before approving new AI workflows, service accounts, or analytics pipelines.
- Separate human review from machine access patterns: Rework access reviews so that service accounts and AI-enabled workflows are evaluated against their actual data flows, not human role templates.
They need a repeatable decision model that ties business purpose to classification and entitlement scope, or the organisation will keep approving exposure faster than it can govern it.
Explore further
AI data democratization is an identity governance problem before it is a data access problem. The article shows that enterprises want broader access to data to support AI, but the security model has not kept pace with that demand. When data becomes the fuel for both human and machine workflows, IAM, classification, and monitoring become inseparable. Practitioners should treat access expansion as a governance event, not a storage decision.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do organisations know whether AI data governance is working?
A: They should look for evidence that sensitive datasets are classified, access is limited to approved use cases, and reuse is traceable across pipelines and identities. If the organisation cannot answer who accessed the data, which workflow used it, and how it was reused, governance is not working.