Metomic Finds AI Data Leaks Impact 68% of Organizations, But Only 23% Have Proper AI Data Security Policies

Metomic surveyed over 400 security leaders from the U.S. and UK and found that more than half confirmed their organization regularly experienced malware and phishing incidents.

Metomic, a next-generation data security and data loss prevention (DLP) solution for AI and SaaS work environments, today released its annual "2025 State of Data Security Report: Top Priorities, Challenges and Concerns for Today's CISOs." Created in collaboration with Harris Interactive, the report reveals alarming AI security vulnerabilities in the workplace despite high confidence levels among security leaders.

The survey of more than 400 Chief Information Security Officers (CISOs) and security leaders in the U.S. and UK found that AI integration in workplace tools has created unprecedented data security challenges. While 90% of respondents expressed confidence in their organizations' security measures and 91% believed their employee training initiatives were successful, the reality tells a different story. More than half reported regular malware attacks, phishing schemes, and data breaches—many directly linked to improper AI implementation and usage.

"The proliferation of AI across workplace tools has dramatically expanded the attack surface for malicious actors," said Ben van Enckevort, co-founder and CTO, Metomic. "Our research shows that employees using AI applications without proper guardrails are unwittingly exposing sensitive company data at an alarming rate. The gap between security leaders' confidence and the actual threat landscape represents one of the most significant blind spots in modern cybersecurity."

The report highlights that 68% of organizations have experienced data leakage incidents specifically related to employees sharing sensitive information with AI tools. Despite these incidents, only 23% have implemented comprehensive AI security policies. This disconnect demonstrates the urgent need for AI-specific security protocols as these technologies become increasingly embedded in daily workflows.

When asked what could prevent their security program from being successful in 2025, 80% of survey respondents cited fostering a strong security culture within their organization as their top challenge. This finding aligns with a 2024 report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group that revealed 74% of CISOs believe cybersecurity complexity and workloads have increased in the past two years—a reality exacerbated by rapid AI adoption across organizations.

"Our report puts a spotlight on a hard truth that very few security professionals are addressing: Cybersecurity software solutions simply cannot single-handedly protect an organization from the ongoing influx of data security threats, particularly those introduced by AI systems," van Enckevort continued. "In today's threat landscape, the most effective security teams are led by CISOs who are focused on building security-conscious organizations from the ground up, with particular attention to the unique risks posed by AI integration."

The report also includes insights on how security leaders plan to allocate their time and resources, with 44% prioritizing security infrastructure oversight and implementation—much of which now focuses on securing AI systems and preventing data leakage through these channels. This marks a shift from last year when security operations was the top priority, now falling to third place behind security infrastructure and security awareness training.

Another notable change in findings since last year: ransomware has overtaken phishing schemes and customer data breaches as a top security concern in the U.S., with AI-enabled ransomware attacks showing particular sophistication. In the UK, security risks associated with third-party suppliers have surged by more than ten percentage points as a top concern, largely driven by the integration of third-party AI solutions.

"To truly protect a business' most critical data in the age of widespread AI adoption, there must be a fundamental mindset shift that begins within the security team and spreads throughout the organization," van Enckevort emphasized. "The most effective cybersecurity strategies are not centered on security tools alone—they require leadership commitment, cultural change, and human behavior adaptation specifically addressing AI risks. It's about taking security awareness to a whole new level where it is continuous, contextual and embedded into daily workflows. This concept is foundational to Metomic's value: enabling better decision-making processes, cultural buy-in, and a shift toward more proactive security management in an AI-driven workplace."

The full report can be downloaded from Metomic's website at: "2025 State of Data Security Report: Top Priorities, Challenges and Concerns for Today's CISOs."

About Metomic:

Metomic's data security software for SaaS, GenAI and cloud was born out of the frustration of its leaders trying to implement SaaS applications that make businesses more productive but are off limits because of high-risk security concerns. As a next generation security solution focused on cloud-based applications, Metomic gives security teams clear visibility into their organization’s SaaS network to manage sensitive data and detect security threats, allowing businesses to take full advantage of their SaaS application network. To learn more visit www.metomic.io.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250424299278/en/