Insights · Market data · 8 May 2026
IBM, May 2026: only 18% of Canadian organizations have AI governance in place.
The IBM Institute for Business Value quantified the Canadian AI governance gap in May 2026. Three numbers from the study do most of the work in a board conversation.
The IBM Institute for Business Value released its May 2026 study on AI adoption and governance in Canada. The headline number is the gap: only 18% of Canadian organizations have systems in place to govern AI across everyday operations. Most of the remaining 82% have a policy document and an assumption.
The cost of the gap was quantified directly in the study:
“AI irregularities cost large Canadian enterprises an estimated $144 million per year — and half of those losses are governance failures, not technology failures.”
A parallel number sets up the board conversation: 63% of Canadian executives say governance gaps already make it harder to deploy AI at scale. The friction is internal — legal, compliance, risk — pushing back against AI initiatives because there is no evidence that the policy is being enforced.
The IBM data is paired with the September 2025 finding from the same source: 75% of Canadian workers using AI rely on unsanctioned, consumer-grade tools rather than enterprise-approved solutions. The governance gap is not theoretical. It is what the workforce is doing every day, and the audit trail does not exist.
Read the source
- IBM Institute for Business Value — Canadian AI governance study (May 2026)
  Source for the 18%, 63%, and $144M figures. Note: the IBV publishes its Canadian study under several short-form titles; if the link redirects, search “IBM IBV Canadian AI governance 2026.”
- IBM Cost of a Data Breach Report (2024)
  Source for the parallel benchmark cited in our FAQ: ~$6.32M average cost of a Canadian data breach, which makes the per-incident framing concrete for a CFO conversation.
- TELUS Digital — AI safety research (2025)
  Complementary finding: 57% of enterprise employees have entered high-risk information into publicly available AI assistants.
Why this matters
The 18% number is the one that ends up in a CISO’s board deck. The IBM study is what your privacy officer, your audit committee, and your investor due-diligence team are reading right now. If your organization is in the 82%, the conversation has already started. The question is whether you have a structured, exportable record to show when someone asks — or a policy PDF and a guess. Mandate exists to make the record the default, not the exception.