• Tero Vesalainen
    68499d1af12d58ebc9ba9634 Dreamstime M 103769515

    Survey shows ‘widespread governance failures’ in AI data security

    June 16, 2025
    New Kiteworks report finds manufacturing, historically a leading target of cyberattacks, still appears to be maintaining a risky status quo despite unique vulnerabilities brought on by AI.

    What you’ll learn:

    • Just 17% of surveyed organizations have implemented automated technical controls such as DLP scanning for AI data flows.
    • 40% said they still rely on employee training and audits as their first line of defense.
    • 20% said they depend solely on unmonitored warnings.
    • 13% said they have no specific AI security policies at all.

    With AI implementations surging in 2025 and data exposed in all-new and different ways, security software firms are probing just how seriously manufacturers seem to be taking their cybersecurity in this AI-charged environment—and the answer, at least according to new research from one, is not very seriously at all.

    The Kiteworks AI Data Security and Compliance Risk Survey, at the very least, shows that the fervor to phase in AI is way ahead of companies’ efforts to ensure their data is protected.

    And, company officials said, manufacturers are feeding a lot of sensitive data into AI systems while lacking basic protections, creating significant risk across all industries, including manufacturing, which already is the worldwide leader in ransomware attacks.

    See also: AI can expose manufacturing data to risk, so audit your implementations, third-party links

    “The gap between awareness and implementation is no longer sustainable,” Tim Freestone, Kiteworks’ chief marketing officer, remarked in a release from Kiteworks, an emerging player in the security space and the vendor of a platform that secures communications and sensitive data. The survey results were released on June 16.

    Freestone had this to add: “AI is here, the risks are real, and organizations must act now before exposures escalate beyond control.”

    Big gap between AI implementations and protection

    The survey, conducted for Kiteworks by market research firm Centiment, of 461 cybersecurity, IT, risk management, and compliance professionals revealed “widespread governance failures in AI data security” and that just 17% of organizations have implemented automated technical controls such as DLP scanning for AI data flows, to block access to public AI, while more than a quarter of the respondents reported high private data exposure.

    Podcast: Best practices for utilizing AI agents in industrial workflows

    The survey’s bottom line conclusion: Manufacturing, a sector historically ripe for cyberattacks, especially ransomware, is maintaining a risky status quo despite unique IP and operational vulnerabilities brought on by artificial intelligence.

    “Manufacturers sit on a goldmine of trade secrets, production data, and supply chain intel. Yet their AI security practices don’t reflect this,” added Patrick Spencer, who is VP of corporate marketing and research at Kiteworks. “The sector’s decision to follow, rather than lead, in governance maturity is a missed opportunity for competitive advantage.”

    See also: Spearphishing, ransomware remain top cybersecurity threats to manufacturing

    Freestone also added: “When only 17% have technical blocking controls with DLP scanning, we're witnessing systemic governance failure. The fact that Google reports 44% of zero-day attacks target data exchange systems undermines the very systems organizations rely on for protection.”

    The new Kiteworks findings emerge when a surge in AI-related incidents appears to be taking place. Stanford's 2025 AI Index reports a 56.4% year-over-year increase in AI privacy incidents, with 233 documented breaches last year. This data also is embedded in the Kiteworks research.

    See also: How zero-trust data exchange protects manufacturing’s private data beyond factory walls

    Kiteworks showed organizations remain largely unprepared: 40% of respondents to Centiment said they rely on employee training and audits as their first defense; 20% depend solely on unmonitored warnings; and 13% said they have no specific AI security policies at all.

    See also: The $60 billion supply chain challenge: How to shield your extended enterprise

    Other topline revelations from the new Kiteworks survey:

    • More than one in four respondents report that over 30% of data that their employees attempt to use in public AI tools is private/sensitive data, opening them to significant risk.
    • While data leakage through AI outputs is the No. 1 concern of only 28% of the respondents, fewer—just 17% (an 11% disconnect)—have controls in place to stop sensitive data from entering AI systems.
    • 44% of organizations that responded to the survey either have massive exposure or no visibility into it at all.
    • 13% said they have no policies for AI data protection—complete defenselessness.

    “This alignment with average practices—despite manufacturing’s unique risks—suggests a dangerous underestimation of sector-specific threats,” Freestone said.

    About the Author

    Scott Achelpohl

    I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.

    Email

    Continue Reading

    Sponsored Recommendations