New research from ShareGate finds AI adoption is nearly universal, but governance gaps leave organizations exposed

MONTREAL, April 21, 2026 /CNW/ -- Twenty-nine percent of organizations say AI tools have already surfaced sensitive data they shouldn't have accessed. Yet, 93% of IT and security leaders say they are confident their Microsoft 365 governance framework can support AI responsibly. That gap is the central finding of new global research released today by ShareGate, based on a survey of more than 850 IT and security leaders across the U.S., Canada and Europe.

AI is in. Governance still has to catch up.
The exposed data includes customer records (36%), sensitive internal documents (31%), personal data and PII (30%), HR records (30%), financial data (25%), and proprietary IP (21%). However, just 51% of organizations have completed an organization-wide governance review since enabling Microsoft 365 AI tools, including Copilot.

The workload has also grown alongside the risk. Over 70% of respondents say AI has increased their governance burden since enabling AI tools, and nearly 8 in 10 say they are at least moderately concerned about AI accessing content that hasn't been recently reviewed for permissions.

"AI and Copilot didn't create the governance problem. They exposed it," said Benjamin Niaulin, VP of Product at ShareGate. "IT teams have been papering over fragmented tools and blind spots for years. Now every oversharing group and forgotten permission is one Copilot prompt away from becoming a real incident. You can't govern what you can't see, and right now, most teams can't see it."

Governance gaps are putting AI returns at risk
The business stakes are real. AI-related costs already represent a meaningful share of IT budgets, and over 80% of respondents expect measurable ROI from Microsoft 365 AI initiatives within 18 months.

More than three-quarters say governance activities, including permission audits, cleanup, and lifecycle management, have at least a moderate impact on their AI investment confidence, a sign that effective governance and strong returns are becoming increasingly linked.

That uncertainty is pushing organizations to look beyond their own teams. Internal capacity, it seems, isn't keeping pace. 8 in 10 say they are likely to bring in an external partner for an AI governance assessment before scaling further.

For additional analysis, governance framework guidance, and full survey results, visit ShareGate's blog.

Survey Methodology
Centiment conducted the survey on behalf of ShareGate in March 2026. It included 850 IT and security leaders in the United States, the United Kingdom, Canada, France, Germany, the Netherlands, and Ireland. Respondents hold roles spanning IT leadership, security leadership, data governance, compliance, and digital workplace leadership.

About ShareGate
ShareGate is the leading Microsoft 365 migration and governance platform, trusted by over 100,000 IT pros for its unmatched simplicity.

It offers the simplest, most reliable, and most affordable way to move business data to Microsoft 365. Whether migrating from Google Workspace, file shares, Exchange Online, SharePoint On-Premises, or tenant-to-tenant, ShareGate gets the job done without surprises. From cloud transformation to M&A integration, it keeps things just damn simple.

ShareGate also helps organizations stay in control once their data is migrated. Its powerful governance features let users assess environments, uncover risks, and apply fixes on the spot, so everything stays clean, secure, and optimized. It lays the groundwork for safe Microsoft Copilot deployment within organizations.

ShareGate is developed by Workleap Technologies, a Montréal-based software company.

Media Contact
Tanner Garza
PANBlast for ShareGate
sharegate@panblastpr.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/nearly-1-in-3-organizations-report-ai-driven-data-exposure-incidents-302747623.html

SOURCE Workleap