What happened
Netrio, a managed service provider, surveyed 401 US IT leaders at organizations with 200–5,000 employees (released June 15, 2026). The core finding: 82% of mid-market firms run AI in production, yet only 26% have achieved enterprise-wide governance and scale. The governance gap is striking—only 42% have formal AI policies with enforced controls, 53% lack full visibility into AI tool usage, and 63% have not formally assessed sensitive data flowing into AI systems. Critically, 73% of mid-market IT leaders have encountered an AI-related security incident or near-miss in the past 12 months. Despite these gaps, 88% plan to invest at least $100,000 in AI over the next 12–24 months.
Why it matters
Mid-market organizations represent the bulk of enterprise AI deployment but operate under severe governance and security deficits. This report bridges the adoption-governance gap and quantifies the security risk exposure created by rapid, unmanaged AI rollout—actionable data for CISOs and IT leaders sizing budgets and compliance roadmaps.
Action needed
Establish formal AI governance policies with enforced controls and audit trails; conduct comprehensive inventory of all AI tool usage and sensitive data exposure; allocate governance investment proportionally with deployment budgets.