Insights · Market data · 8 May 2026
IBM, May 2026: only 18% of Canadian organizations have AI governance in place.
The IBM Institute for Business Value quantified the Canadian AI governance gap in May 2026. Three numbers from the study carry a board conversation.
The IBM Institute for Business Value released its May 2026 study on AI adoption and governance in Canada. The headline number is the gap: only 18% of Canadian organizations have systems in place to govern AI across everyday operations. The remaining 82% have a policy document and an assumption.
The cost of the gap was quantified directly in the study:
“AI irregularities cost large Canadian enterprises an estimated $144 million per year, and half of those losses are governance failures, not technology failures.”
A parallel number sets up the board conversation: 63% of Canadian executives say governance gaps already make it harder to deploy AI at scale. The friction is internal. Legal, compliance, and risk push back against AI initiatives because there is no evidence the policy is being enforced.
IBM’s September 2025 shadow-AI study points the same direction: 79% of full-time office workers say they use AI at work, and only 25% rely on enterprise-grade tools. The rest work in personal apps or a mix of personal and employer tools, with no audit trail behind any of it. The same study puts the added cost of shadow AI at nearly CA$308,000 per data breach.
Read the source
-
IBM Institute for Business Value: “AI in motion” (Canada findings, May 2026)
Source for the 18%, 63%, and $144M figures, from IBM Canada’s 7 May 2026 release of the IBM Institute for Business Value study “AI in motion: Orchestrating AI at scale for sovereignty and resilience.”
-
IBM: shadow AI in the Canadian workplace (September 2025)
Source for the workplace-adoption figures: 79% of full-time office workers use AI at work; 25% rely on enterprise-grade tools. The same release costs shadow AI at nearly CA$308,000 per data breach.
-
IBM Cost of a Data Breach Report (2024)
Source for the parallel benchmark cited in our FAQ: ~$6.32M average cost of a Canadian data breach, which makes the per-incident framing concrete for a CFO conversation.
-
TELUS Digital, AI safety research (2025)
Complementary finding: 57% of enterprise employees have entered high-risk information into publicly available AI assistants.
Why this matters
The 18% number is the one that ends up in a CISO’s board deck. If your organization is in the 82%, the conversation has already started. The question is whether you can produce a structured, exportable record when someone asks for one. Mandate exists to make that record the default.
More from Insights
-
AI risk · Saeri et al. · 2026
Saeri et al., 2026: which sectors are most exposed to AI risk272 experts ranked information, finance, and national security most exposed, and named the missing instruments. Read the note →
-
Sovereignty · CJEU · EU
Schrems II and why a region label isn’t a legal jurisdictionWhere the data sits matters less than which legal regime can compel access to it. Read the note →
-
IP exposure · Norton Rose Fulbright · 2025
Norton Rose Fulbright 2025: 47% of those expecting more IP exposure point to AI toolsWhat the litigation-trends survey says about AI tools and trade secrets. Read the note →