Organisations in India experience more than ten times more AI-related data policy violations than global counterparts

AI adoption has progressed steadily over the past year, with 83% of employees based in India now using AI tools, up from 55% a year ago. The number of AI apps tracked by Netskope Threat Labs also increased fivefold, to more than 1,800, illustrating the rapid growth in the variety of tools available. While ChatGPT is the most widely used AI application in India (in 88% of organisations), Anthropic Claude is now in second place after a massive jump in adoption over the last twelve months (from 30% to 84% of organisations).

With more users using more AI tools more regularly, the probability that they inadvertently include sensitive data in prompts or documents increases, and this risk is particularly prevalent in India. The average local organisation experiences more than 3,000 AI-related data policy violations each month, more than ten times the global average (223 / month)

While regulated data is the type of sensitive data most frequently involved in those policy violations globally, source code is largely more exposed in India. Almost half of all data policy violations involve source code (49%), followed by regulated data (23%), intellectual property (23%), and passwords and API keys (5%). 

In response, organisations based in India are aggressively deploying AI tools managed by the company to keep their employees away from using personal AI accounts over which they have little to no visibility, or ability to prevent data loss incidents. This effort led to a marked change in behaviour over the past year. The use of personal AI accounts at work dropped sharply, from 79% to 41% (vs 47% globally), while the adoption of organisation-managed accounts surged, from 30% to 77% (vs 62% globally) over the same period. 

Ray Canzanese, Director of Netskope Threat Labs said: “When organisations innovate, the balance between innovation and security is always difficult to strike. Ultimately, they need to enable their workforce to enjoy the full benefits of AI technology without putting sensitive data at risk. Organisations based in India have made progress in curbing shadow AI usage, but with 4 in 10 employees still using personal AI accounts at work, there’s a need for further efforts to eliminate these behaviours. This is particularly pressing given the much higher propensity from employees in India to expose sensitive data when using AI tools.” 

The widespread use of cloud applications in the workplace is continuing to act as a vector for both data loss and malware delivery across organisations in India

Employees using personal cloud applications in the workplace are blurring the boundaries between corporate and personal data management, and create an ongoing risk of uploading sensitive company data into personal accounts. 

Measures that exist to mitigate this risk include offering automated, real-time guidance to employees to dissuade them from sharing sensitive data with unmanaged services, or blocking uploads to personal apps. Over the past year, more than one in three organisations in India (37%) blocked attempts from employees to upload sensitive data into personal Google Drive accounts, closely followed by personal ChatGPT (33%) and Google Gmail accounts (30%). 

Attackers also continue to take advantage of the inherent trust employees put in legitimate cloud applications, and the content they find in them. In India, OneDrive, GitHub, and Google Drive, due to their wide adoption across local organisations, were the platforms most frequently exploited by attackers for malware distribution, with 12%, 9.5%, and 4.1% of organisations detecting employee attempts to download malware from each app respectively. 

Ray Canzanese, Director of Netskope Threat Labs said: “While cloud platforms have multi-layered defence against malware to remove malicious content quickly, even short delays in detection can allow malware to be successfully delivered and spread internally. It is therefore critical for organisations to consider deploying security capabilities encompassing cloud usage, especially for free and unsanctioned accounts, which is where the threat is usually sourced.” 

Author