AI Adoption Outpaces Governance and Policy Controls

The AI Policy Gap: When 90% Use AI and 25% Have No Rules

ISACA’s 2026 AI Pulse Poll surveyed 3,400 digital trust professionals across IT audit, governance, cybersecurity, privacy, and emerging technology roles. Three numbers tell a story most security leaders already know but have not quantified for their boards: 90% say employees use AI tools. Only 38% have a formal, comprehensive AI policy. Twenty-five percent have no AI policy at all.

As Infosecurity Magazine reported, the gap has produced the predictable outcome: the rise of shadow AI, where employees use tools like LLMs to aid daily work and silently route sensitive company information through systems no one in security has approved or audited. The poll found something more troubling underneath the headline numbers: only 38% of practitioners are confident their board understands AI risk. The people who would normally escalate the problem are not sure the people they would escalate to can interpret what they are saying.

5 Key Takeaways

1. The AI policy gap just got specific.

ISACA’s 2026 AI Pulse Poll of 3,400 digital trust professionals found 90% say employees use AI tools, yet only 38% have a formal comprehensive AI policy and 25% have no policy at all. That ten-point jump from 28% in 2025 looks like progress until you compare it to the adoption curve — AI use grew faster than policy did, and the delta widened. The organizations without a policy are not outliers. They are one in four.

2. Policy on paper is not enforcement at the data layer.

A written acceptable-use document does not stop someone from pasting customer records into a public LLM at 11 p.m. Controls have to live where the data lives. The Kiteworks 2026 Forecast found 63% of organizations cannot enforce purpose limitations on AI agents and 60% cannot terminate a misbehaving one. These are control-plane deficiencies — not policy failures. AI governance without runtime enforcement is aspiration, not compliance.

3. Shadow AI now drives the most expensive insider category.

The 2026 Cost of Insider Risks Global Report names shadow AI the top driver of negligent incidents — the category that already costs organizations $10.3M annually at 53% of total insider risk cost. 92% of organizations say generative AI changed how employees share information; only 13% have formally integrated AI into their business strategies. That 79-point gap between behavior change and strategic response is the data loss surface shadow AI exploits.

4. The board does not know what it does not see.

Only 38% of practitioners are confident their board understands AI risk. The Kiteworks 2026 Forecast found 54% of boards are not engaged on AI governance, and those organizations are 26 to 28 points behind on every AI maturity metric — the single strongest correlation in the survey. The shadow AI problem is a symptom. The disease is governance disconnect at the top, and no keyboard-level policy closes that gap.

5. The fix is architectural, not aspirational.

Data-layer governance with attribute-based access controls, content-level enforcement, and tamper-evident audit logs governs AI access without depending on user behavior. If the AI tool cannot read the regulated content, the paste does not matter. If the AI agent cannot exceed its authorized purpose, the rogue prompt does not matter. Policy enforced at the data layer is the only policy that closes the 90/38/25 gap.


Shadow AI Is Already the Most Expensive Insider Category

The 2026 Cost of Insider Risks Global Report from DTEX and Ponemon names shadow AI the top driver of negligent insider incidents — the category costing organizations an average of $10.3M annually at 53% of total insider risk cost. The average annual cost of insider risk has reached $19.5M, up from $17.4M in 2024. 26% of MFT operators have already experienced incidents involving data exposure related to AI tools per the Kiteworks 2025 MFT Survey Report.

The DTEX/Ponemon data is sharp on cause: the dominant driver is well-intentioned employees optimizing for speed in complex workflows. Governance strategy aimed primarily at malicious-insider detection misses the actual breach surface entirely. The 92-to-13 gap between behavior change and strategic response is where the 90/38/25 triad lives.

Policy on Paper Cannot Stop a Paste at 11 P.M.

Imagine the most disciplined acceptable-use policy your legal team can write. Now imagine an account executive at the end of a quarter, summarizing a 30-page customer contract before an 8 a.m. board prep call. The policy says “do not paste customer information into public AI tools.” The executive has nine hours, a draft to write, and ChatGPT open in the next tab. The policy does not stop the paste. The policy is a document. The paste is a runtime event.

Without controls at the data layer — where the customer record actually lives — there is nothing between intent and exfiltration. This is what the Kiteworks 2026 Forecast calls the containment gap. 63% of organizations cannot enforce purpose limitations on AI agents. 60% cannot quickly terminate a misbehaving agent. 55% cannot isolate AI systems from the broader network. These are control-plane deficiencies, not policy failures. Written policy and runtime enforcement are not the same thing, and regulators are increasingly auditing the difference.

The Board Blind Spot Compounds Every Other Gap

ISACA’s finding that only 38% of practitioners are confident their board understands AI risk is not a soft statistic — it is the strongest single predictor of how far behind an organization actually is. The Kiteworks 2026 Forecast found 54% of boards are not engaged on AI governance, and those organizations trail by 26 to 28 points on every AI maturity metric. That is the strongest correlation in the survey.

This matters because AI governance is a fiduciary problem, not a technology problem. The EU AI Act’s main applicability date is August 2, 2026. The NIST AI Risk Management Framework continues to evolve. State-level AI laws are stacking. Each framework demands not just policy but evidence — time-stamped, exportable, defensible evidence of how AI systems behaved in practice. Boards that have not been briefed cannot underwrite the risk. Audit committees that cannot read an AI control map cannot sign the 10-K language about it. Closing the policy gap at the keyboard will not work if the board is not engaged on what those policies must enforce, what evidence they must produce, and what investments they require.

The Architectural Answer: Data-Layer Governance, Not Behavior Hope

The fix is not more training. Training is necessary but it is the third line of defense, not the first. The first line is architecture. Three properties define governance that works.

Attribute-based access controls evaluated on every AI request. The policy decision considers user identity, agent identity, data classification, purpose, and context together — on every operation, not at session start. When the AI tool cannot read the regulated content, the paste does not matter.

Content-level encryption that travels with the data. Derivative copies remain governed even when they leave the original system. The “paste at 11 p.m.” failure mode is removed at the architecture level, not managed by hoping employees read the policy document.

Immutable audit logs for every AI interaction with regulated content. Evidence-quality, tamper-evident, and feeding existing SIEM and compliance infrastructure. Policy at the data layer is enforced policy — and it produces the artifacts that regulators increasingly require as proof of enforcement.
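As an added illustration of these three properties (this is not Kiteworks code; the user, agent and record names are constructed), a minimal policy engine that evaluates every request against user clearance, agent scope, data classification and purpose, and writes each decision to a hash-chained, tamper-evident audit log:

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample data: one user, one agent acting on her behalf, two records.
USERS = {"alice": {"clearances": {"public", "internal"}, "purposes": {"summarize"}}}
AGENTS = {"contract-bot": {"owner": "alice", "purposes": {"summarize", "export"}}}
RECORDS = {"memo-1": "internal", "contract-42": "regulated"}


@dataclass
class AuditLog:
    """Append-only log where each entry's digest covers the previous digest."""
    entries: list = field(default_factory=list)
    head: str = "0" * 64  # digest of the most recent entry (genesis value)

    def record(self, event: dict) -> str:
        payload = json.dumps(event, sort_keys=True)
        self.head = hashlib.sha256((self.head + payload).encode()).hexdigest()
        self.entries.append((payload, self.head))
        return self.head

    def verify(self) -> bool:
        """Recompute the chain; any edited or dropped entry breaks it."""
        prev = "0" * 64
        for payload, digest in self.entries:
            if hashlib.sha256((prev + payload).encode()).hexdigest() != digest:
                return False
            prev = digest
        return True


LOG = AuditLog()


def authorize(agent: str, record: str, purpose: str) -> bool:
    """Decide one AI request. The agent inherits its owner's scope and never exceeds it."""
    a = AGENTS[agent]
    user = USERS[a["owner"]]
    classification = RECORDS[record]
    allowed = (
        classification in user["clearances"]  # data classification vs. user clearance
        and purpose in user["purposes"]       # purpose limitation on the user
        and purpose in a["purposes"]          # purpose limitation on the agent
    )
    LOG.record({"agent": agent, "user": a["owner"], "record": record,
                "classification": classification, "purpose": purpose, "allowed": allowed})
    return allowed
```

Because the decision is made per request rather than at session start, changing a record's classification or a user's purposes takes effect on the very next call.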

How Kiteworks Closes the Gap Between Policy and Enforcement

The Kiteworks Secure MCP Server and AI Data Gateway enforce governance over AI agent access at the data layer rather than the model or prompt layer. Large language model applications interact with Kiteworks under attribute-based and role-based access controls, with every operation evaluated by the Data Policy Engine and every interaction captured in a comprehensive audit log. AI agents inherit the authenticated user’s authorization scope — they cannot exceed it. A poisoned prompt, a misconfigured agent, or a well-intentioned employee paste all encounter the same enforcement.

Kiteworks SafeEDIT addresses the paste-at-11-p.m. scenario architecturally: users — including external parties — edit a document inside the secure Kiteworks environment without ever possessing the file. The content cannot be downloaded into a local AI tool, copied into a public LLM prompt, or leave the governed perimeter. The Kiteworks Private Data Network extends this governance across email, file sharing, MFT, SFTP, web forms, and APIs under one policy engine and one consolidated audit log — producing the evidence-quality artifacts that the EU AI Act and NIST AI RMF require. 33% of organizations cannot produce those artifacts today per the Kiteworks 2026 Forecast.

What to Do Before the Next Audit Cycle

First, run an AI policy reality check against ISACA’s 90/38/25 baseline. Document your organization’s actual position — no policy, limited policy, or comprehensive policy — candidly, in writing, before the next audit committee meeting. That document is the starting point for the board conversation.

Second, inventory the AI tools actually in use, not the ones you sanctioned. The Kiteworks 2026 Forecast found 100% of organizations have AI on the 2026 roadmap, but governance trails adoption by 15 to 20 points on every containment metric. Browser telemetry, EDR, and DLP can produce a real inventory in a week.

Third, separate policy artifacts from enforcement artifacts. A policy document is not a control — a control is what a regulator can audit. Map every AI policy clause to a specific runtime enforcement mechanism and a specific evidence stream. 33% of organizations lack evidence-quality audit trails for AI activity, meaning two-thirds cannot demonstrate enforcement under examination.

Fourth, brief the board with the 90/38/25 stat and your organization’s position against it. Frame AI governance as a fiduciary responsibility tied to EU AI Act enforcement, NIST AI RMF expectations, and state-level AI laws. Boards respond to specific exposure, not abstract risk.

Fifth, move governance from the prompt layer to the data layer. Prompt filters and model guardrails are bypassable — ISACA’s own white paper documents how guardrails are neither universal nor foolproof. Governance enforced at the data layer, with attribute-based access controls and content-level encryption, does not depend on the model behaving correctly.

To learn more about governing sensitive data in an AI-driven organization, schedule a custom demo today.

Frequently Asked Questions

A written policy is documentation, not enforcement. Regulators auditing AI controls increasingly demand evidence of runtime enforcement — proof of what the system actually did. The Kiteworks 2026 Forecast found 33% of organizations lack evidence-quality audit trails. Without those, an acceptable-use policy is unprovable under examination regardless of how well it is drafted. Financial services organizations face parallel scrutiny under SEC, FINRA, and FFIEC frameworks — each requiring evidence, not documentation.

Shadow AI creates HIPAA exposure because every AI interaction with PHI is a potential disclosure to an unauthorized third party. HIPAA’s enforcement standard is not whether the disclosure was intentional but whether reasonable safeguards were in place. A policy without data-layer enforcement does not meet that bar. The 2026 Cost of Insider Risks Global Report names shadow AI the top driver of negligent incidents — the category HIPAA penalties target most directly.

Lead with the ISACA 2026 AI Pulse Poll: 90% of employees use AI, 38% have a comprehensive policy, and only 38% of practitioners are confident their board understands AI risk. Pair that with your organization’s position against the benchmark. Frame AI governance as a fiduciary responsibility tied to the EU AI Act’s August 2026 date and emerging state-level AI laws. Boards respond to specific exposure and compliance deadlines, not abstract risk briefings.

CMMC Level 2 AC, AU, and IA families require enforced authorization for any access to CUI — including AI agent access. The Kiteworks 2026 Forecast found 63% of organizations cannot enforce purpose limitations on AI agents. Attribute-based access controls at the data layer satisfy AC, AU, and IA requirements simultaneously and produce the audit trail evidence assessors require.

Start with architecture, not prohibition. Deploy data-layer governance that allows authorized AI use against authorized data while blocking unauthorized combinations. 100% of organizations have AI on the 2026 roadmap — the goal is governed enablement, not blanket restriction. Attribute-based access controls, content-level DRM via the AI Data Gateway, and immutable audit trails let governance scale with adoption instead of fighting it.
