Enterprise AI: Lenovo says 70% see shadow AI as risk, rising costs

Lenovo’s latest research warns that AI use inside enterprises is spreading beyond IT control, creating hidden security risks, higher costs and delayed returns on investment. The study signals an execution gap between AI pilots and governed, production-grade deployments.

According to Lenovo’s Work Reborn research, 70% of surveyed IT leaders identify employee misuse or unapproved AI usage as a key insider risk, while 65% say their defenses are not ready to withstand AI-augmented cybercrime. The survey was conducted among roughly 600 IT leaders in October–November 2024 and focused on organizations with more than 1,000 employees across multiple markets. These findings point to a broadening “shadow AI” challenge where unsanctioned tools bypass corporate controls.

The research also highlights commercial friction: many CIOs struggle to demonstrate measurable ROI from AI. Separate Lenovo CIO findings show 96% expect increased AI spending over the next 12 months, yet 42% do not expect to see positive ROI for two to three years. That mismatch amplifies the financial risk of uncontrolled AI adoption, as unmanaged tools can generate compliance costs, data exposure and duplicated spend.

In a broader context, shadow AI raises regulatory and operational concerns — from potential data leaks to model manipulation — that can produce direct fines and long-term reputational damage. Lenovo’s report references analyst warnings that conventional security postures are often inadequate for AI-era threats, arguing for integrated, AI-aware defenses spanning device, network and cloud layers. This has implications for sectors with strict data rules, including finance and healthcare.

Market observers and analysts recommend simultaneous action on governance and enablement: establish detection and approval workflows to surface and sanction high-value use cases, while investing in AI-native security controls and endpoint intelligence. Lenovo positions device- and platform-level protections, alongside managed services, as part of the solution set; analysts expect demand for AI governance, monitoring and secure infrastructure to grow as enterprises attempt to close the AI execution gap.