Half of Employees Use Shadow AI 

Uploaded on 2025-03-31 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Research carried for Software AG on the AI habits of 6,000 knowledge workers. has found that half of all employees are using Shadow AI (AI tools not issued or approved by their employer). 

Furthermore, the research report entitled 'Chasing Shadows - Getting ahead of Shadow AI' suggests that personal AI tools are so valuable that half of workers (46%) would refuse to give them up, even if their organisation banned them completely. 

This is a powerful signal to organisations that they need more robust and comprehensive AI strategies, to prevent inviting significant risk into their business.

Director at Software AG, Steve Ponting commented: “If 2023 was a year of experimentation, 2024 will be defined as the year that GenAI took hold. While 75% of knowledge workers use AI today, that figure will rise to 90% in the near future because it helps to save time, makes employees’ jobs easier and improves productivity (71%). “As usage increases, so does the risk of cyber attacks, data leakage or regulatory non-compliance. Consequently, business leaders need to have a plan in place for this before it’s too late.”

The survey also found that not only does AI have a day-to-day impact on individuals, but nearly half (47%) of workers believe these tools will help them to be promoted faster. This suggests a future where AI tools are wholly ingrained in many roles due to their criticality in job success.

Most knowledge workers said they use their own AI tools because they prefer their independence (53%). An additional 33% said it’s because their IT team does not currently offer the tools they need. This suggests that if businesses want their employees to use officially issued tools, a different process is needed for determining which ones are actually made available.

Over 705 of employees are ware of the risks of their AI choices and recognise that cyber security, data governance and inaccuracy of information are potential hazards. However, businesses should be concerned that few employees take adequate precautions like running security scans or checking data usage policies.

There is some evidence that regular users of AI are better prepared to mitigate risks compared to occasional users and this should encourage organisations to implement more rigorous training programs,

According to Software AG's J-M Erlendson, “We need this now, because the future, where 90% of workers use AI, is just around the corner and will bring more of the occasional users, which is a problem. This group is far less adept at taking risk management precautions compared to their more experienced counterparts, but they’re just as likely to take the risks.

Shadow AI is supercharging the operational chaos already engulfing many organisations. “A transparent framework for their processes, coupled with an understanding of the tools employees want, and the training they need, are good building blocks for better incorporating Shadow AI. It’s clear that AI is not going away, and, collectively, we need to address it in the right way now.” Erlendsen concludes.

Image: ismagilov

You Might Also Read: 

The Shadow IT Problem No One Talks About:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Staying Ahead Of First-Party Fraud & Abuse
Oracle Cloud Denies It Has Been Breached »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.