Estimated reading time: 5 minutes
Ask a CISO what worries them most about shadow AI. The answer usually points to junior staff. New survey data points the finger up the org chart instead.
TrustedTech, a Microsoft cloud solutions provider, commissioned Censuswide to survey 2,001 UK and US employees in March 2026. The report, “Shadow AI in the Workplace,” found that 65% of decision-makers use unapproved AI tools. Among the staff below them, the figure is 31%. At the C-level, it reaches 73%. Entry-level workers sit at 36%.
The people who sign AI policies are the people breaking them. For cyber underwriters, that inverts a core assumption about where insider AI risk lives.
“The people setting the policy are breaking the policy, and they know it,” the report states.
A Health Warning on the Headline Number
TrustedTech reports that 48% of employees overall use shadow AI. Treat that figure with care. The sample splits evenly between decision-makers and everyone else. Real workforces carry far fewer managers. Weighted to an actual org chart, the true rate would land closer to the 31% staff figure. The seniority gap is the defensible finding. The blended headline number is a survey artifact.
The vendor conflict also deserves plain language. TrustedTech sells Microsoft licensing and Copilot readiness assessments. Every recommendation in the report funnels toward that service line. The data still merits attention.
They Know the Risks and Continue Anyway
Awareness is high across the sample. About 77% of respondents say unapproved AI tools carry real security or data-privacy risks. Decision-makers are also the group most worried about shadow AI, at 56%. They use the tools regardless.
“Organizations have prioritized deploying AI tools over preparing the people who use them,” said Julian Hamood, TrustedTech’s founder.
The stated reasons matter for underwriting. Surveillance fear ranks alongside tool access. Some 42% of decision-makers believe their employer monitors AI use. Almost a quarter cite career anxiety as a reason to keep AI use off the books. Sanctioned tools log activity. Personal ChatGPT accounts do not.
Bans Backfire at the Top
The survey asked whether employees would keep using AI tools under a workplace ban, even risking discipline. Some 29% said yes. Among decision-makers, 37% would defy the ban. Among their staff, only 19% would. Enforcement-only policies discipline the compliant and miss the privileged.
This echoes what Travelers flagged in its Q1 2026 threat report. Bans remove visibility before they remove behavior.
The July Renewal Trigger
Microsoft announced Microsoft 365 price increases on December 4, 2025, effective July 1, 2026. Increases run from 5% to more than 40% depending on the SKU. Standalone Copilot pricing is unchanged.
TrustedTech asked what happens if employers restrict AI access to absorb the cost. Some 35% of respondents said they would likely shift to personal, unapproved tools. Among decision-makers, 47% said so. Cost-driven license cuts may convert sanctioned users into shadow users at the exact seniority level holding the most sensitive data. Note the self-interest here too. A Microsoft licensing reseller benefits when firms expand licenses rather than trim them.
The Skills Divide Below
Only 23% of employees learned AI skills through employer training. Some 36% taught themselves. Confidence follows the training. Some 78% of decision-makers feel confident using AI effectively, against 43% below them. Protiviti’s AI Pulse Survey found the same governance gap from the board’s side of the table.
What It Means for Underwriters and Brokers
Three cyber insurance application questions get harder after this data. First, who attests to AI controls? The executive signing the application belongs to the heaviest shadow-use cohort. That raises misrepresentation exposure at claim time. Second, does the insured’s AI policy rely on bans? The defiance data suggests bans produce false comfort and worse logs. Netskope’s telemetry already shows violations doubling as use triples. Third, can the insured trace an AI-driven loss to an identity? The agent liability question starts with the same visibility problem.
Brokers should treat the July renewal season as a live exposure window. Clients cutting M365 seats to save money may be buying a data-leak problem with the savings.
FAQ – Shadow AI Executives
Senior decision-makers. TrustedTech found 65% of decision-makers use unapproved AI tools, against 31% of staff below them. C-level executives reach 73%.
Top reasons include limited access to approved tools and better performance from consumer tools. Surveillance fear ranks high. Many worry logged AI use could affect how their competence is judged.
The data suggests they miss their target. Some 37% of decision-makers said they would defy a workplace AI ban, even risking discipline. Only 19% of junior staff said the same.
Microsoft raises M365 prices on July 1, 2026. In the survey, 47% of decision-makers said they would likely use personal AI tools if employers restricted access due to cost.
The executives attesting to AI controls on applications belong to the heaviest shadow-use group. That creates disclosure accuracy, controls verification, and post-loss forensics questions for underwriters.
Related Cyber Insurance Posts
- World Cup Phishing Surges 500% As Attackers Time Their Runs For Kickoff
- Cyber Insurance And Quantum Computing – The New Risk(Opens in a new browser tab)
- UK Government to Ban Ransomware Payments(Opens in a new browser tab)
- Cyber Warfare Escalates Worldwide As AI Turns Digital Conflict Into Constant Pressure(Opens in a new browser tab)
- Marks & Spencer Hack Could Cost $400 million; CEO “In Shock”(Opens in a new browser tab)