Although almost two-thirds (63%) of UK organisations report strengthening privacy measures after adopting AI, only a third (34%) classify their improvements as significant.
This is according to a new survey from Zoho, which highlights that most of these organisations are being reactive rather than proactive where AI and privacy is concerned; often strengthening privacy measures after encountering issues. In doing so, this leaves them exposed to potential data breaches and operational risks if AI systems are not safeguarded from the outset.
These findings are based on a nationwide survey from Zoho commissioned via Arion Research, which took responses from 363 UK business leaders across small, mid-market, and large enterprises. It focused on organisations’ AI adoption, privacy practices, workforce readiness, and governance approaches.
37% of respondents cite prviacy and security concerns as a barrier to AI adoption. Customer data breaches remain the leading privacy concern for UK organisations as 44% of respondents rank them as their top worry. This focus has driven significant investment in privacy infrastructure, with 85% now reporting dedicated privacy officers or teams.
However, this ‘fortress’ mentality risks overlooking other critical challenges, such as algorithmic transparency, bias in AI, and the retention of training data – issues that are just as vital to building meaningful protection and long-term trust.
Workforce readiness remains a major challenge: only 20% of respondents have formally trained just 0-10% of their workforce, and only 8% have formally trained 90-100% of their workforce. This leaves many organisations reliant on learning as they go.
Respondents mentioned data analysis (56%), prompt engineering (44%), and AI literacy (37%) as their top upskilling priorities, highlighting an urgent need to build in-house expertise to make privacy measures meaningful and enforceable when it comes to AI. Overall, 32% of respondents cite lack of technical expertise as a barrier to AI adoption.
Transparency, fairness, and governance gaps remain a challenge across UK businesses. Just 48% of organisations have documented AI use policies, and just 45 per cent have documented explainability requirements for AI decisions. These gaps make it harder for companies to maintain trust and ensure clear accountability, highlighting the need for stronger AI governance.
“It is still early in terms of business AI adoption but it is expected to become more pervasive. However, organisations need to make step changes in order to mitigate risk and use AI effectively to increase positive impact. This research shows that while many UK organisations are strengthening privacy measures, too often these steps are taken reactively rather than through forward-looking planning,” said Sachin Agrawal, Managing Director, Zoho UK. “It’s encouraging that most businesses have dedicated privacy officers in place, but without the right training, governance, and clear AI use policies, these efforts may not translate into meaningful protection. To unlock AI’s full potential, organisations must go beyond compliance, embedding transparency, investing in workforce skills, and building well-defined data strategies that both safeguard information and maintain customer trust.”
State of UK adoption
The survey shows UK organisations are demonstrating sophisticated adoption of AI across three key categories: traditional AI, generative AI, and agentic AI. Generative AI has achieved the highest implementation rates, driven by practical business applications such as customer support (67%), content creation (66%), and code generation or development assistance (62%).
Traditional AI remains well-established, with mature implementations in predictive analytics (64%), customer segmentation (63%), and recommendation systems (60%). Autonomous AI, although newer, is rapidly gaining traction, with adoption in personalised customer journeys (58%), autonomous decision-making and intelligent RPA (61%), and strategic planning assistance (63%).
UK organisations are adopting AI through a strategic, staged approach, ranging from personal use of public language models to advanced, organisation-wide integration. Respondents favour a hybrid sourcing strategy, combining commercially available solutions with bespoke applications developed internally or with external partners, allowing them to select the best-fit solution for their needs.
AI investment is focused on areas with clear business impact. Top priorities cited by respondents include embedding AI into enterprise applications, developing hybrid or custom solutions, and in-house development. Key application areas are customer service (43%), software development and coding (41%), fraud detection (34%), automation (31%), marketing (30%), and product development (29%), emphasising a pragmatic approach that prioritises measurable ROI and direct business benefits.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
