Half of Employees Use Shadow AI 

Uploaded on 2025-03-31 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Research carried for Software AG on the AI habits of 6,000 knowledge workers. has found that half of all employees are using Shadow AI (AI tools not issued or approved by their employer). 

Furthermore, the research report entitled 'Chasing Shadows - Getting ahead of Shadow AI' suggests that personal AI tools are so valuable that half of workers (46%) would refuse to give them up, even if their organisation banned them completely. 

This is a powerful signal to organisations that they need more robust and comprehensive AI strategies, to prevent inviting significant risk into their business.

Director at Software AG, Steve Ponting commented: “If 2023 was a year of experimentation, 2024 will be defined as the year that GenAI took hold. While 75% of knowledge workers use AI today, that figure will rise to 90% in the near future because it helps to save time, makes employees’ jobs easier and improves productivity (71%). “As usage increases, so does the risk of cyber attacks, data leakage or regulatory non-compliance. Consequently, business leaders need to have a plan in place for this before it’s too late.”

The survey also found that not only does AI have a day-to-day impact on individuals, but nearly half (47%) of workers believe these tools will help them to be promoted faster. This suggests a future where AI tools are wholly ingrained in many roles due to their criticality in job success.

Most knowledge workers said they use their own AI tools because they prefer their independence (53%). An additional 33% said it’s because their IT team does not currently offer the tools they need. This suggests that if businesses want their employees to use officially issued tools, a different process is needed for determining which ones are actually made available.

Over 705 of employees are ware of the risks of their AI choices and recognise that cyber security, data governance and inaccuracy of information are potential hazards. However, businesses should be concerned that few employees take adequate precautions like running security scans or checking data usage policies.

There is some evidence that regular users of AI are better prepared to mitigate risks compared to occasional users and this should encourage organisations to implement more rigorous training programs,

According to Software AG's J-M Erlendson, “We need this now, because the future, where 90% of workers use AI, is just around the corner and will bring more of the occasional users, which is a problem. This group is far less adept at taking risk management precautions compared to their more experienced counterparts, but they’re just as likely to take the risks.

Shadow AI is supercharging the operational chaos already engulfing many organisations. “A transparent framework for their processes, coupled with an understanding of the tools employees want, and the training they need, are good building blocks for better incorporating Shadow AI. It’s clear that AI is not going away, and, collectively, we need to address it in the right way now.” Erlendsen concludes.

Image: ismagilov

You Might Also Read: 

The Shadow IT Problem No One Talks About:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Staying Ahead Of First-Party Fraud & Abuse
Oracle Cloud Denies It Has Been Breached »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

EGUARDIAN

EGUARDIAN

EGUARDIAN serves as a Value-Added Distributor and technology enabler in the APAC region with the aim of further expanding globally and cater to the needs of the demands with the emerging technology.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.