Three-quarters of IT and security leaders believe reducing information complexity is essential for AI readiness, yet most organisations lack the foundational information governance to deploy artificial intelligence securely, according to new research.

The global survey of 1,896 senior IT and security practitioners, including 198 from Australia, found a significant gap between AI ambitions and execution capabilities. While 57% rate AI adoption as a top priority and 54% are confident about demonstrating return on investment, 53% say reducing AI security and legal risks is "very difficult" or "extremely difficult."

"This research confirms what we're hearing from CIOs every day. AI is mission-critical, but most organisations aren't ready to support it," said Shannon Bell, Chief Digital Officer at OpenText, which sponsored the research with the Ponemon Institute.

The study reveals critical alignment problems, with less than half (47%) of respondents saying IT and security goals align with those driving AI strategy. This disconnect appears across leadership levels, despite 50% of organisations hiring or considering chief AI officers or chief digital officers.

Information complexity emerges as a primary barrier to AI readiness. The research identifies unstructured data as a top contributor to complexity (44% of respondents), alongside Internet of Things deployments (46%) and emerging cyber threats (52%).

Budget constraints represent the biggest governance challenge, with 31% citing insufficient funding for AI technologies. This is followed by inadequate time for integration (29%) and misaligned IT functions (28%).

Privacy risks dominate AI security concerns, with 44% of respondents identifying inadvertent privacy rights infringement as their biggest worry. Weak encryption (42%) and poor system configuration due to AI over-reliance (40%) round out the top risks.

The findings suggest organisations are moving ahead with generative AI despite security concerns. Among the 50% of organisations that have adopted AI, 32% have implemented GenAI with another 26% planning deployment within six months. However, adoption of more advanced agentic AI remains limited, with only 19% having implemented it and 16% planning near-term deployment.

The research indicates that addressing information complexity requires organisational accountability. Key steps include appointing dedicated oversight (59% of respondents), streamlining security and data governance policies (56%), and reducing overlapping technology platforms (55%). On average, organisations deploy 15 separate cybersecurity technologies.