More than a quarter of US businesses dangerously unprepared for AI risks, new research from CyXcel shows

Despite recognizing Artificial Intelligence (AI) as a major threat, with almost 40% (39%) of US organizations surveyed naming it among their top three risks, many remain significantly unprepared to manage AI risk.

Recent research from CyXcel, a global cyber security consultancy, highlights a concerning gap: over a quarter of US businesses surveyed have only just implemented their first AI risk strategy (27%) - and nearly a quarter (23%) don’t have any AI governance policy in place.
This critical gap exposes organizations to substantial risks including data breaches, regulatory fines, reputational harm and critical operational disruptions, especially as AI threats continue to grow and rapidly evolve. CyXcel’s research shows that nearly a fifth (20%) of US companies surveyed are still not prepared for AI data poisoning, a type of cyberattack that targets the training datasets of AI and machine learning (ML) models, or for a deepfake or cloning security incident (19%).
Responding decisively to these mounting threats and geopolitical challenges, CyXcel has launched its Digital Risk Management (DRM) Platform, which provides businesses with insight into evolving AI risks across all major sectors, regardless of business size. The DRM helps organizations identify risks and implement the right policies and governance to mitigate them. Unlike conventional offerings, CyXcel’s DRM uniquely brings together cyber, legal, technical and strategic expertise that has been developed over decades working with companies across numerous sectors, and follows best practices.
Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, comments, “Organizations want to use AI but are worried about risks – especially as many do not have a policy and governance process in place. The CyXcel DRM provides clients across all sectors, especially those that have limited technological resources in-house, with a robust tool to proactively manage digital risk and harness AI confidently and safely.”
CyXcel’s DRM monitors threats to digital operations and provides deep insights and actionable strategies across seven categories – AI, Cyber, Geopolitics, Supply Chain, Technology (OT/IT), Regulation and Corporate Responsibility – all via an online dashboard, aiding users to understand, minimize, transfer and manage digital risk. The DRM also supports businesses in deciding what digital solutions to adopt and how they can achieve and retain peak digital resilience.
The DRM Platform provides businesses with insight from both legal and technical experts, allowing individual risk owners to get targeted visibility into risk intensity, key trends and emerging threats. Further, it gives advice as to how risk owners can manage those risks and align their investment in digital operations with their business goals.
Additionally, the DRM provides access to bespoke remediation services and advice bridging the gap between the executive, legal and technical teams. For example, CyXcel can help organizations develop AI governance policies as well as evaluate AI systems for security, privacy and technical vulnerabilities.
Traditional approaches treat risk management and compliance as separate tracks. CyXcel's DRM brings them together, reducing the burden of compliance across all digital risks. And if a regulatory investigation or enforcement action arises, CyXcel provides seamless, end-to-end support: from dispute resolution and litigation in the UK (directly and via Weightmans), to on-the-ground expertise in the US through our local partner network, and international coverage in 55 countries via our Global Legal Service.
Especially for organizations that are mandated by strict regulations, the DRM can help clients ensure customer trust on data protection, safeguard executives against personal liability and protect against action by regulators. In particular, the DRM focuses on the 26 sectors that are obligated to comply with the EU’s NIS2 or DORA and are categorized as Critical National Infrastructure (CNI) in the US, UK or EU.
Edward Lewis, CEO, added, “The cybersecurity regulatory landscape is rapidly evolving and becoming more complex, especially for multinational organizations. Governments worldwide are enhancing protections for critical infrastructure and sensitive data through legislation like the U.S. Cyber Incident Reporting for Critical Infrastructure Act, which requires mandatory reporting of cyber incidents and ransomware payments, strengthening oversight and response capabilities. With new standards and controls continually emerging, staying current is essential. CyXcel’s Digital Risk Management solutions are vital to helping organizations navigate and comply with these changes.”
The DRM is available from 19 June 2025. To find out more, visit https://www.cyxcel.com/drm/.
About CyXcel
CyXcel enables companies to achieve digital resilience through our comprehensive suite of proactive and reactive services, all backed by an NCSC, ISO and CREST-accredited provider. We enable our clients to understand their digital risks, design and achieve peak resilience, and retain that state even as their external environment changes – especially during a cyber incident.
Research Methodology
The research was conducted by Censuswide among a sample of 400 cybersecurity workers (aged 18+) who have a good understanding of their company’s risk management process, across the UK and US (200 respondents respectively). The data was collected between 28.05.2025 and 02.06.2025. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.