Shadow AI Executives: The Boss Is the Biggest Policy Breaker, TrustedTech Survey Finds

Estimated reading time: 5 minutes

Ask a CISO what worries them most about shadow AI. The answer usually points to junior staff. New survey data points the finger up the org chart instead.

TrustedTech, a Microsoft cloud solutions provider, commissioned Censuswide to survey 2,001 UK and US employees in March 2026. The report, “Shadow AI in the Workplace,” found that 65% of decision-makers use unapproved AI tools. Among the staff below them, the figure is 31%. At the C-level, it reaches 73%. Entry-level workers sit at 36%.

The people who sign AI policies are the people breaking them. For cyber underwriters, that inverts a core assumption about where insider AI risk lives.

“The people setting the policy are breaking the policy, and they know it,” the report states.

Inverted pyramid glowing amber at the wide executive tier on a navy background, next to the words Shadow AI Executives, 65% use unapproved AI tools, from Cyber Insurance News.

A Health Warning on the Headline Number

TrustedTech reports that 48% of employees overall use shadow AI. Treat that figure with care. The sample splits evenly between decision-makers and everyone else. Real workforces carry far fewer managers. Weighted to an actual org chart, the true rate would land closer to the 31% staff figure. The seniority gap is the defensible finding. The blended headline number is a survey artifact.

The vendor conflict also deserves plain language. TrustedTech sells Microsoft licensing and Copilot readiness assessments. Every recommendation in the report funnels toward that service line. The data still merits attention.

They Know the Risks and Continue Anyway

Awareness is high across the sample. About 77% of respondents say unapproved AI tools carry real security or data-privacy risks. Decision-makers are also the group most worried about shadow AI, at 56%. They use the tools regardless.

See also  Travelers Complete Corvus Insurance Acquisition

“Organizations have prioritized deploying AI tools over preparing the people who use them,” said Julian Hamood, TrustedTech’s founder.

The stated reasons matter for underwriting. Surveillance fear ranks alongside tool access. Some 42% of decision-makers believe their employer monitors AI use. Almost a quarter cite career anxiety as a reason to keep AI use off the books. Sanctioned tools log activity. Personal ChatGPT accounts do not.

Bans Backfire at the Top

The survey asked whether employees would keep using AI tools under a workplace ban, even risking discipline. Some 29% said yes. Among decision-makers, 37% would defy the ban. Among their staff, only 19% would. Enforcement-only policies discipline the compliant and miss the privileged.

This echoes what Travelers flagged in its Q1 2026 threat report. Bans remove visibility before they remove behavior.

The July Renewal Trigger

Microsoft announced Microsoft 365 price increases on December 4, 2025, effective July 1, 2026. Increases run from 5% to more than 40% depending on the SKU. Standalone Copilot pricing is unchanged.

TrustedTech asked what happens if employers restrict AI access to absorb the cost. Some 35% of respondents said they would likely shift to personal, unapproved tools. Among decision-makers, 47% said so. Cost-driven license cuts may convert sanctioned users into shadow users at the exact seniority level holding the most sensitive data. Note the self-interest here too. A Microsoft licensing reseller benefits when firms expand licenses rather than trim them.

The Skills Divide Below

Only 23% of employees learned AI skills through employer training. Some 36% taught themselves. Confidence follows the training. Some 78% of decision-makers feel confident using AI effectively, against 43% below them. Protiviti’s AI Pulse Survey found the same governance gap from the board’s side of the table.

See also  Fools Rush In - AI Security Lags as Breaches Rise: IBM's 2025 Data Breach Report

What It Means for Underwriters and Brokers

Three cyber insurance application questions get harder after this data. First, who attests to AI controls? The executive signing the application belongs to the heaviest shadow-use cohort. That raises misrepresentation exposure at claim time. Second, does the insured’s AI policy rely on bans? The defiance data suggests bans produce false comfort and worse logs. Netskope’s telemetry already shows violations doubling as use triples. Third, can the insured trace an AI-driven loss to an identity? The agent liability question starts with the same visibility problem.

Brokers should treat the July renewal season as a live exposure window. Clients cutting M365 seats to save money may be buying a data-leak problem with the savings.

FAQ – Shadow AI Executives

Who uses shadow AI most at work?

Senior decision-makers. TrustedTech found 65% of decision-makers use unapproved AI tools, against 31% of staff below them. C-level executives reach 73%.

Why do executives use unapproved AI tools?

Top reasons include limited access to approved tools and better performance from consumer tools. Surveillance fear ranks high. Many worry logged AI use could affect how their competence is judged.

Do AI bans work?

The data suggests they miss their target. Some 37% of decision-makers said they would defy a workplace AI ban, even risking discipline. Only 19% of junior staff said the same.

Why does this matter for cyber insurance?

The executives attesting to AI controls on applications belong to the heaviest shadow-use group. That creates disclosure accuracy, controls verification, and post-loss forensics questions for underwriters.

Leave a Comment

×