Widespread GenAI use raising data breach concerns

Gartner predicts by 2027, artificial intelligence (AI) governance will become a requirement of all sovereign AI laws and regulations worldwide as breaches will become prevalent with the growth of generative AI (GenAI) use.

In its Predict 2025: Privacy in the age of AI and the dawn of quantum report, Gartner said more than 40 per cent of AI-related data breaches will be caused by the improper use GenAI across borders.

The continued rise in use of GenAI technologies by end-users has outpaced the development of data governance and security measures.

This raises concerns about data localisation due to the centralised computing power required to support these technologies.

Garner believes the lack of consistent global best practices and standards for AI and data governance exacerbates challenges by causing market fragmentation and forcing enterprises to develop region-specific strategies.

This can also limit their ability to scale operations globally and benefit from AI products and services.

Gartner VP analyst Joerg Fritsch said the unintended cross-border data transfers often occur due to insufficient oversight, particularly when GenAI is integrated in existing products without clear descriptions or announcement.

“The complexity of managing data flows and maintaining quality due to localised AI policies can lead to operational inefficiencies,” he said. “Organisations must invest in advanced AI governance and security to protect sensitive data and ensure compliance.

“This need will likely drive growth in AI security, governance and compliance services markets, as well as technology solutions that enhance transparency and control over AI processes.”

Organisations that cannot integrate required governance models and controls may find themselves at a competitive disadvantage, especially those lacking the resources to quickly extend existing data governance frameworks, explained Fritsch.

To mitigate the risks of AI data breaches, particularly from cross-border GenAI misuse, and to ensure compliance, Gartner recommends several strategic actions for enterprises.

This includes enhancing data governance, establishing governance committees, strengthening data security and investing in trust, risk and security management (TRiSM) products and capabilities tailored to AI technologies.

According to Gartner by 2026, enterprises applying AI TRiSM controls will consume at least 50 per cent less inaccurate or illegitimate information, reducing faulty decision-making.