In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.

According to a study by IBM’s Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits is fraught with challenges, particularly in data management.

Apparently, many executives feel inadequate data quality, accessibility and security are exposing their businesses to unnecessary risks. Let’s unpack this emerging data liability concern and find out what companies are doing to lower their risk.

The growing unease with IT services in the age of AI

The expectations of IT departments have shifted dramatically in recent years due to digital transformation and the proliferation of AI. As businesses increasingly rely on technology to provide a competitive edge, the pressure on IT departments to deliver is immense. However, this has not translated into greater confidence in IT services.

The IBM study reveals that among tech leaders, only 43% say their organizations are effective at delivering differentiated products and services. And only half of tech leaders say their teams have the knowledge and skills to incorporate new technology. For generative AI expertise specifically, 40% of tech CxOs say their anxiety has increased over the past six months.

This dissatisfaction extends to concerns about data management. A startling statistic from the IBM survey shows that only 29% of tech leaders believe their enterprise data meets the necessary quality, accessibility and security standards to scale generative AI. This indicates a major gap between the expectations of business leaders and the reality of IT capabilities, especially in the context of data-driven AI systems.

Data liability in the AI age

Data is the foundation upon which AI operates, but it also presents a huge liability if not properly managed. Data quality, accessibility and security are essential to ensuring that AI applications function as intended. Poor data management can lead to inaccurate models, biased outputs and security vulnerabilities—issues that can have far-reaching consequences for businesses. In fact, 43% of business leaders surveyed by IBM expressed increasing concerns about their technology infrastructure over the past six months because of gen AI.

Moreover, businesses face increasing regulatory scrutiny around how they collect, store and use data. Therefore, data compliance adds even more pressure, as companies must ensure they are not only leveraging data effectively for AI but also complying with regulations and data protection laws.

The implications of poor data management are vast. In addition to potential financial losses from inefficient AI models, companies may face legal headaches due to data breaches, mismanagement of sensitive information or failure to comply with data regulations. If not managed properly, data liability can become a thorn in the side of business leaders and IT departments alike.

Enter governance, risk and compliance (GRC)

One solution to the growing data liability problem is a robust governance, risk and compliance (GRC) framework. GRC is an organizational strategy that aligns IT practices with business objectives. This ensures that risks are managed and regulatory compliance is maintained. By weaving GRC into the fabric of IT operations, businesses can proactively address the challenges associated with data management and AI scaling.

These are the three pillars of the GRC framework:

1. Governance refers to the set of rules, policies and processes that ensure corporate activities are aligned with business goals. Effective governance ensures that management can influence and direct activities across the organization. It aligns business units with customer needs and corporate objectives.

2. Risk management involves identifying, assessing and mitigating financial, legal, strategic and security risks. In the context of AI and data, risk management is crucial for identifying vulnerabilities, such as software flaws or poor data practices, which could compromise the integrity of AI models.

3. Compliance ensures that organizations adhere to internal and external regulations, whether industry-specific or government-mandated. A strong compliance program keeps the organization in line with data privacy laws, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

Leveraging GRC to address data liability

Another key benefit of GRC is its ability to elevate the discussion of data management beyond the IT department and into the boardroom. Too often, data management is seen as a purely technical issue. But in reality, it reaches deep into business performance, legal exposure and customer trust. GRC encourages collaboration between IT, finance, legal and business units. And this ensures that data management is treated for what it is: a genuine strategic priority.

GRC creates clear policies for data governance, which means data is handled consistently across the organization. This includes implementing data fabric architectures and enterprise data standards, which provide the necessary infrastructure for scaling AI applications. These architectures help break down data silos and enable seamless data integration. And this makes it easier for AI systems to access and utilize data in real time.

Addressing the gender gap in AI

An often overlooked aspect of data liability is the role of diversity in AI development. The IBM study highlights the need to bring more women into IT and AI roles to ensure diverse perspectives are considered in AI development and data management. This approach can act as a safeguard against biases that might be embedded in AI models due to overly homogeneous dev teams.

“If 70%, 80% of IT professionals are men, it’s obvious that AI is going to be coded with bias,” notes Marisa Reghini Ferreira Mattos, Chief Technology and Digital Business Development Officer at Banco do Brasil.

Encouraging women to become IT and AI subject matter experts expands the talent pool. This helps shape AI transformation in a way that is more inclusive and representative of broader societal concerns.

The role of GRC software

Implementing GRC effectively requires the right tools. For example, GRC software can streamline processes such as risk assessments, compliance management and audits. These platforms provide businesses with a centralized way to manage data governance, track compliance with regulations and assess risks in real time. By automating tasks associated with GRC, organizations can reduce the administrative burden on their IT teams and help them meet compliance requirements.

Moreover, GRC tools can provide valuable insights by correlating data management practices with business outcomes. High-performing organizations that connect technology investments to measurable outcomes, effective strategy and cross-functional collaboration report 52% higher revenue growth, according to the IBM study. This highlights the importance of not only implementing GRC but also measuring its impact on the business.

The data management advantage

As businesses continue to adopt AI at scale, the importance of effective data management cannot be overstated. Data liability is a growing concern for business leaders, and the consequences of poor data practices can be severe. However, by adopting a robust GRC framework, organizations can mitigate these risks and turn data management into a competitive advantage.

GRC provides the structure needed to govern data, manage risks and ensure compliance, thus enabling businesses to thrive in the AI-driven future.