AI adoption lags in regulated sectors amid compliance demands

New survey data highlights a widening gap in artificial intelligence adoption between technology companies and businesses operating in highly regulated sectors, due to differing requirements regarding compliance and security.

Adoption gap

The findings show that 92% of technology companies are now using AI in support operations. In comparison, only 58% of organisations in regulated industries such as healthcare, financial services, and government have implemented similar solutions. This gap is attributed to contrasting approaches in meeting compliance and security needs. While technology firms often proceed with deployment and address compliance retrospectively, regulated organisations require validation before moving forward.

Security priorities

Security has become a deciding factor in technology procurement for support operations. Eighty-one percent of businesses surveyed rate security as either "critical" or "very important". Most organisations, at 78%, require the involvement of IT or security teams in purchasing decisions. The stage at which security validation is conducted varies, further impacting AI adoption rates across industries.

Regulated sectors face strict external compliance requirements, with frameworks such as HIPAA, PCI DSS, and FedRAMP determining procurement decisions. In financial services and healthcare, 64% and 61% of respondents respectively said compliance was a significant security driver. Despite a high level of security awareness-86% in financial services, 39% in healthcare, and 50% in government-these sectors show slower AI adoption due to pre-deployment compliance checks.

Compliance impact

Compliance is cited as the main driver of increased security investment by 42% of the organisations surveyed. Standardised frameworks are seen as a key to accelerated adoption: 58% said they would increase investment in secure AI solutions if there was wider industry uptake of standards. The need to secure data and ensure regulatory compliance remains a priority, influencing the pace of digital transformation initiatives.

Market transition

A significant proportion, 53%, of organisations report being in the early stages of AI implementation for support operations, such as pilot or evaluation phases. The study found that 74% expect to increase their focus on AI security over the next two years. Demand is shifting towards solutions that meet both innovation and compliance requirements at the point of adoption.

Sector differences

"The AI adoption gap isn't a technology problem, it's an architecture problem. Technology companies can adopt cloud-based AI because they're willing to move fast and validate security reactively. Financial services, healthcare, aerospace, and governments can't do that. They need solutions that meet compliance requirements before deployment, not after. That architectural difference is precisely why current solutions are inadequate in regulated markets. The solutions winning in tech are structurally incompatible with regulated industries' needs," said Brad Murdoch, CEO, Deskpro.

Future outlook

AI maturity correlates strongly with security priorities. Among organisations that make extensive use of AI, 94% regard security as either "critical" or "very important". Mid-sized businesses, which often lack the security resources of larger enterprises but must contend with similar regulations, are especially focused on secure AI implementation.

"Organisations are asking themselves a fundamental question: do I have to choose between AI capabilities and data sovereignty? The answer should be no," continued Brad Murdoch, CEO, Deskpro. "The market is demanding solutions that deliver production-grade AI while keeping data within their own infrastructure and giving them freedom to choose their own AI providers. That combination is what will define the next generation of enterprise software."