A global survey of 850-plus IT and security leaders reveals a widening gap between AI confidence and the governance frameworks meant to contain it.
Nearly a third of organizations say AI tools have already surfaced sensitive data they should never have accessed — yet 93% of IT and security leaders say they are confident their Microsoft 365 governance framework can support AI responsibly.
That contradiction sits at the heart of new global research released Monday by ShareGate, based on a survey of more than 850 IT and security leaders across the US, Canada and Europe.
The exposed data includes customer records (36%), sensitive internal documents (31%), personal data and personally identifiable information (30%), HR records (30%), financial data (25%) and proprietary intellectual property (21%). Yet just 51% of organizations have completed an organization-wide governance review since enabling Microsoft 365 AI tools, including Copilot.
The workload has grown alongside the risk. More than 70% of respondents say AI has increased their governance burden since enabling AI tools, and nearly eight in ten say they are at least moderately concerned about AI accessing content that has not been recently reviewed for permissions.
“AI and Copilot didn’t create the governance problem. They exposed it,” said Benjamin Niaulin, VP of Product at ShareGate. “IT teams have been papering over fragmented tools and blind spots for years. Now every oversharing group and forgotten permission is one Copilot prompt away from becoming a real incident. You can’t govern what you can’t see — and right now, most teams can’t see it.”
Also Read: Why Most Executives Are Faking Their AI Confidence
Governance Gaps Are Putting Returns at Risk
The business stakes are real. AI-related costs already represent a meaningful share of IT budgets, and more than 80% of respondents expect measurable ROI from Microsoft 365 AI initiatives within 18 months.
More than three-quarters say governance activities — including permission audits, cleanup and lifecycle management — have at least a moderate impact on their AI investment confidence, a sign that effective governance and strong returns are becoming more tightly linked.
That uncertainty is pushing organizations to look beyond their own teams. Eight in ten say they are likely to bring in an external partner for an AI governance assessment before scaling further.
Full survey results, governance framework guidance and additional analysis are available on ShareGate’s blog.
