The Institute of Directors has published new survey insights on business adoption of artificial intelligence, with governance, strategy, and risk sitting alongside the technology’s operational promise.
The survey, conducted by the Institute of Directors in collaboration with Hiscox, examines how organisations are approaching AI adoption, opportunities, challenges, strategy, and governance. Its emphasis reflects a growing expectation that boards understand not only where AI is being used, but how it is controlled.
AI tools have spread across customer service, marketing, finance, legal work, software development, HR, research, and operations. In many organisations, generative tools have already been used informally by employees, while more structured projects are being developed around automation, analytics, knowledge management, and AI-assisted decision-making.
Governance is now becoming the harder part of adoption. Boards are expected to know where AI is deployed, what data it uses, which suppliers are involved, who is accountable for outputs, and how risks are monitored. The issue cannot be left solely to technology teams because AI use crosses legal, commercial, operational, employment, and customer-facing functions.
The risk set is broad. Inaccurate outputs, intellectual property exposure, bias, data leakage, procurement weakness, cyber vulnerability, regulatory uncertainty, workforce disruption, and reputational damage can all arise from poorly controlled AI use. A tool used casually to summarise documents may create one set of risks; a system influencing credit, recruitment, pricing, medical triage, or customer outcomes creates another.
Regulatory expectations are also developing. The European Union’s AI Act is already shaping compliance standards across the continent, while UK policymakers continue to balance innovation with safety and accountability. Even where a company is not directly caught by specific AI legislation, clients, investors, insurers, and regulators are increasingly asking for evidence of governance.
The commercial pressure to adopt AI remains strong. Companies are using the technology to reduce repetitive work, speed up analysis, personalise customer interactions, improve forecasting, support software development, and summarise large volumes of information. Those gains can be material in sectors with high labour intensity or large pools of unstructured data.
Value becomes harder to extract when adoption is fragmented. Employees may be using consumer-grade AI tools to draft communications, analyse data, or prepare internal material before the organisation has approved platforms, data rules, or training. Leadership may then have an incomplete view of risk exposure, while teams develop habits that are difficult to govern later.
Boards also face a measurement problem. AI investment is often justified through productivity, efficiency, or improved decision-making, yet those outcomes can be difficult to quantify. A governance framework must therefore deal not only with risk controls, but also with benefits tracking, procurement discipline, accountability, and clarity over where AI improves performance.
The skills requirement is changing as well. Directors do not need to become technologists, but they do need enough fluency to challenge management assumptions, understand risk appetite, and identify weak controls. That includes questions around data quality, vendor dependency, auditability, explainability, cybersecurity, workforce impact, and the difference between task automation and systems that influence decisions.
Board committees may need to adapt. Audit, risk, technology, people, and remuneration committees can all be drawn into AI governance depending on the use case. A workforce productivity tool may raise employment and training questions, while a customer-facing model may require risk, legal, and reputational oversight. Procurement decisions may also require greater scrutiny where model providers become embedded in core processes.
The survey’s central lesson is practical rather than theoretical. Organisations that want durable gains from AI will need approved use cases, accountable owners, staff training, data controls, supplier scrutiny, and board reporting. Enthusiasm can start adoption, but discipline will determine whether the technology improves performance without creating unmanaged exposure.



