Published October 2025

Executive summary

AI is no longer a future disruptor – it’s a present reality. But as adoption accelerates, trust in AI outputs is eroding. Organizations realize that without strong governance, resilient data strategies, and a commitment to quality, AI can just as easily become a liability as a competitive advantage.

Building on AvePoint’s 2024 report, the 2025 report tracks the evolution from AI experimentation to enterprise-wide enablement. The findings revealed that despite widespread AI adoption efforts, critical operational gaps persist around data security and quality, with these foundational issues delaying AI rollouts by up to a year for three-quarters of organizations.

Key takeaways:

• AI rollouts stall before takeoff. 86% of organizations delayed AI deployments by up to a year due to security and data quality concerns.
• AI security incidents are too common. 75% experienced at least one AI-related breach in the past year, primarily due to oversharing sensitive employee or customer data.
• AI data frameworks exist – but fail to deliver. While 90% of organizations claim to have an information management framework, only 30% say it classifies and protects data effectively.
• AI training alone won’t fix trust. 99.5% have invested in AI literacy, but inaccurate outputs and hallucinations still erode employee judgment and decision-making.
• AI customer impact falls short. Organizations say enhancing customer insights and personalization is their top AI goal – yet there is a 5.8% gap between what they hope to achieve and what they actually do.

Published May 2023

Executive Summary

Organizations collect, process, and store a wide range of data on individuals— including data that is personal, sensitive, related to healthcare and education, and financial. In addition to data collected with the knowledge of individuals, the widespread adoption of new digital channels for people to meet, share, and shop has dramatically increased the scope for organizations to capture data surreptitiously. Current and emerging regulations set a baseline expectation that organizations will, firstly, protect all such data appropriately, and secondly, extend a set of rights to the individuals whose data has been collected, processed, and stored. The implications of elevated privacy requirements are reverberating inside organizations across many industries.

This white paper reports on how organizations in the United States and Canada are meeting the requirements of current and emerging privacy regulations.

Request a Copy

Published April 2022

Executive summary

Organizations have proven more adept in protecting their own confidential and sensitive data than the personal and sensitive data of customers and employees. With data available on 15 billion individuals (including duplicates) from more than 100,000 data breaches, there is no shortage of data available to fuel identity theft, financial fraud, and other malicious threats. Privacy regulations have become a key tool for regulators and governments to force organizations to pay more attention to the data collected, processed, stored, and shared on individuals—much of it gained through new ubiquitous digital channels. Privacy regulations define common standards of performance rather than leaving best practice up to individual organizations.

With the emergence of new privacy regulations to complement others that have been in force for several decades, the purpose of this study was to understand how organizations in the United States are responding.

Request a copy

Published October 2021

Executive summary

Organizations are embracing modern tools for collaboration, such as Microsoft Teams, Slack, and Zoom. This raises significant eDiscovery and information governance challenges for organizations because the native capabilities for eDiscovery and information governance offered within each product are lacking or non-existent, have low maturity, and have not been designed to offer a consistent experience across data from multiple key applications. This leaves organizations exposed to risks from process failures in eDiscovery and internal investigations, where responsive data cannot be found without costly manual processes.

Third-party solutions offer organizations a better approach to meeting their eDiscovery and information governance responsibilities across a wide collection of modern tools, such as Microsoft Teams, Slack, and Zoom.

Published September 2021

Executive Summary

Sensitive data protection has quickly become the new normal with the inherent certainty of data breaches and the rise of state and international privacy regulations. Sensitive data must be protected against unauthorized access and disclosure, but to enforce the required protections, organizations first need the ability to discover where sensitive data is created and stored. This first mile causes challenges for many organizations as they try to run before they can walk.

In this white paper, we look at the challenge of sensitive data discovery and how organizations are prioritizing and assigning responsibility for it.

Published April 2021

Executive summary

As organizations explore new cloud services for productivity and collaboration, mature information governance capabilities do not become less important. Microsoft, IPRO, and various other third-party vendors offer capabilities for governing information, albeit with strengths in different areas. Ensuring the right information governance capabilities are available to the various organizational groups with shared responsibility for this area is essential.

This report compares the approaches to information governance by IPRO and Microsoft (in Microsoft 365). It is offered to enable information governance professionals evaluating the move to Microsoft 365 to gauge suitability to task of the information governance tools offered by both vendors.

This white paper is intended for IT professionals, cybersecurity teams, compliance and risk professionals, and legal teams—including CISOs, CIOs, general counsel and others who need to gain a better understanding of information governance, particularly in the context of how they will handle information governance in Microsoft 365 environments (whether as the sole approach or as part of a hybrid IT infrastructure where Microsoft 365 is but one part of the overall technology stack).

Request a copy

Published February 2015

Executive summary

According to various industry articles and vendor marketing materials, most organizations are struggling with the problem of too much electronic data—how much of it there is, what it contains, who has access to it, where it is currently stored, and how long it should be kept. In other words, how to govern it more effectively. To tell you the truth, they’re right. The sheer volume of information, combined with the speed of its accumulation (velocity) and the lack of effective management is at the root of the problem. This surplus of electronically stored information (ESI) is, in reality, driving up the cost of storage, raising the cost and risk of eDiscovery and regulatory compliance, negatively impacting employee productivity, and raising the prospect of intellectual property theft and Personally Identifiable Information (PII) leakage.

To get a better handle on this ESI problem, organizations should take a long, hard look at the main problem: a lack of any effective enterprise-wide information governance. After recognizing the main problem, organizations can then take action, such as creating an enterprise-wide information strategy, developing use policies and an information retention schedule, and adopting information management automation. These will enable the organization to systematically find, categorize, manage and defensibly dispose of ESI in a timely, cost-effective manner.

The most effective measure of information governance (IG) success is to determine if the IG program has the potential to produce the required return on investment (ROI) to make the investment profitable.

Request a copy