The real AI maturity gap is between data readiness and governance

AI ambition is universal, but why does progress feel so uneven?

Drawing on analysis of 1,000+ executive surveys, Gabby Fredkin, Head of Analytics & Insights at ADAPT, outlined how organisations are navigating AI maturity through the lens of data, governance, and operating models at Security Edge.

This framework helps security and governance leaders identify where they sit and what questions unlock progress.

Most organisations do not stall on AI because they lack pilots.

They stall because data architecture and governance are not maturing in step.

Organisations often over-invest in one dimension.

Strong infrastructure without governance leads to uncontrolled scale, while heavy governance without enabling architecture slows innovation.

Both imbalances limit AI’s impact. Gabby maps this imbalance through four archetypes:

1. Koalas (low data, low governance): slow, fragmented experimentation
2. Greyhounds (high data, low governance): fast but unsustainable scaling
3. Turtles (high governance, low data): controlled but slow-moving
4. Tigers (high both): decisive, integrated, and value-driven

Poor data and fragmented models are the real blockers

The biggest barrier to AI scale is structural, not technical, driven by poor data readiness and inconsistent operating models.

Even as priorities shift year to year, core challenges (funding, legacy systems, skills), persist.

AI exposes deeper issues around accountability, workflows, and process fragmentation that organisations can no longer ignore.

ADAPT data reveals 56% of organisations are “not ready” or “emerging” in data preparedness and 50% of deployed AI systems lack formal governance.

Fragmented processes and inconsistent operating models remain a challenge.

Gabby reinforced a constant: “garbage in, garbage out”, untrusted or unclassified data creates friction, not scale.

The path forward is question-led leadership

Security leaders drive AI maturity by asking targeted, context-specific questions, not by imposing blanket controls.

Each maturity archetype requires different interventions.

Progress comes from aligning governance, data, and people, while embedding security into decision-making, not bolting it on.

For koalas, the first questions are practical.

Leaders need to understand which tools are already in use, what sensitive data is entering AI systems, and who actually owns governance.

For greyhounds, the focus shifts to control.

They need to know how agent identities are being managed, whether risk can be quantified clearly, and whether token costs are being controlled before scale becomes expensive and unstable.

For turtles, the challenge is whether governance is becoming a constraint.

They need to ask whether existing processes are limiting value, and whether they are enabling scale or simply creating delay through exceptions.

For tigers, the issue is endurance at scale.

They need to test whether their operating models can sustain AI across the business, and how trust will be maintained as transformation accelerates.

AI leaders do not create progress simply by moving from one quadrant to another. They unlock value by asking the right questions for the state they are already in.

Key takeaways:

• AI scale is constrained less by technology and more by data quality, governance maturity, and fragmented operating models.
• Organisations cluster into four maturity archetypes (koala, greyhound, turtle, tiger), each with distinct risks and unlocks.
• Security leaders accelerate AI adoption not by controlling outcomes, but by asking sharper questions around governance, data, and accountability.