Toronto, ON — A new IBM Canada study has revealed that three out of four Canadian office workers who use artificial intelligence at work are relying on unapproved, unsecured AI tools, creating what experts call a “Shadow AI crisis” that could expose businesses and customers to major data breaches and privacy violations.
According to the study, while 75% of full-time employees report using AI tools to boost productivity, only 25% rely on secure, enterprise-approved platforms. The remainder are turning to personal or consumer-grade tools that often lack robust data encryption, privacy safeguards, and bias controls.
“Shadow AI is a hidden threat in Canadian businesses,” said Rob Wilmot, General Manager and Managing Partner for IBM Consulting Canada. “Employees who use unapproved AI tools are exposing organizations to breaches that can cost an average of $308,000 per incident — and these risks are growing as AI adoption accelerates.”
IBM’s research highlights that Canada remains among the top countries globally for data breaches, with over 800,000 accounts leaked in 2025 alone. The problem is compounded by the ease of access to online AI tools that are not governed by company IT or compliance departments.
“AI can be a powerful tool to boost creativity and strategic thinking,” Wilmot added. “But using personal AI apps for business purposes without proper oversight can compromise sensitive company and customer information.”
Experts Urge Safer AI Adoption
IBM advises employees to avoid using personal AI tools for work and to advocate for secure, enterprise-grade AI systems built with transparency and bias mitigation.
The warning comes amid growing concerns from cybersecurity experts. A recent QBE Canada report found a sharp increase in ransomware attacks driven by the misuse of generative AI (GenAI), predicting incidents will climb from 5,010 in 2024 to more than 7,000 by the end of 2026.
“GenAI is reshaping the cyber threat landscape,” the report said, noting that AI is enabling hackers to automate attacks with greater speed, scale, and precision.
Key Takeaway for Businesses
With the rapid spread of AI in workplaces, IBM emphasizes the need for clear corporate AI policies, employee training, and secure platforms that ensure compliance with privacy laws and data protection standards.
“Companies must act now to manage Shadow AI risks,” Wilmot said. “The longer organizations ignore this issue, the higher the cost — both financially and reputationally.”