AI Readiness Survey

How does IT support departments in adopting AI tools or automation? *

IT does not get involved

IT blocks AI tools due to security concerns

IT supports limited AI tool adoption with approvals

IT actively enables and governs AI adoption across teams

How prepared is IT for AI-related cybersecurity risks? *

Not prepared / no discussion

Aware but no plan

Some controls exist (access, monitoring, policy)

Strong AI-risk framework with regular reviews and controls

What is the biggest challenge preventing IT from adopting AI or automation? *

Budget constraints

Skill gap in AI and modern tools

Data security and compliance concerns

Lack of leadership alignment and business demand

How does IT handle employee usage of external AI tools (ChatGPT, Gemini, Copilot, etc.)? *

No policy — employees use freely

AI tools are blocked completely

Allowed with basic guidelines

Allowed with strong governance, approved tools, and monitoring

How prepared is IT to manage AI-generated content risks (fake emails, deepfake voice, fraud)? *

Not discussed

Aware but no plan

Some awareness training + controls

Strong detection + policies + response plan

How prepared is IT to prevent prompt injection/data leakage in AI tools? *

Not aware

Aware but no controls

Some controls (policy + awareness)

Strong controls (DLP, secure gateways, monitoring)

Does IT have controls to restrict AI tools from using company data for training? *

Not sure

Yes, for some tools

Yes, for all approved tools with contracts

How mature is IT’s incident response plan for AI-related issues? *

No plan

Basic incident response exists

AI-related scenarios included partially

Fully included + tabletop exercises done

Does IT have a defined AI roadmap for the next 12–24 months? *

No roadmap

Discussed informally

Draft roadmap exists

Formal AI roadmap aligned with business goals

How does IT evaluate new AI tools/vendors before adoption? *

No structured evaluation

Based on demos and quick decisions

Structured evaluation with security review

Full evaluation: security + compliance + pilot + ROI assessment

What is IT’s long-term ambition for AI usage in the organization? *

No ambition / only basic IT support

Use AI only for IT monitoring

Use AI for IT + business process automation

AI-first organization: IT as the AI enabler and governance leader

Does IT have an approved list of AI tools for employees? *

No list

Tools are blocked

Limited approved tools

Approved tools + governance + usage monitoring

How does IT evaluate AI tools for data privacy risks? *

No evaluation

Only basic review

Security + privacy checklist exists

Full risk assessment + legal + vendor review + DLP checks

Does IT have policies for using company data in AI tools? *

No policy

Policy exists but not communicated

Policy exists and communicated

Policy + training + enforcement + monitoring

How prepared is IT to support AI model deployment (MLOps) if needed? *

No capability

Basic awareness only

Some capability via cloud tools

Strong capability: pipelines, monitoring, governance

How does IT handle vendor lock-in risk for AI tools? *

No consideration

Some awareness

Evaluated during selection

Actively managed with contracts, portability planning, and standards

Does IT have an AI governance committee or defined ownership? *

No ownership

Informal ownership

Defined ownership within IT/security

Cross-functional AI governance with IT as core leader

How ready is IT to support AI copilots across the organization (coding, HR, finance, support)? *

Not ready

Limited readiness

Ready for pilot deployments

Ready for organization-wide rollout with controls

What is the current level of IT automation in daily operations? *

Almost none (manual work dominates)

Some scripts or small automations

Automated monitoring + automated workflows exist

AI-powered monitoring + automation across major IT processes

How does IT currently handle repetitive operational tasks (account creation, approvals, reports)? *

Fully manual

Manual with some templates

Automated using scripts/workflows

Automated + AI-assisted workflow automation

How mature is IT’s incident management process? *

No formal process

Informal process, depends on individuals

Defined process with escalation matrix

Defined process + automation + predictive alerts

How does IT support business teams in identifying automation opportunities? *

IT does not participate

Only when business requests

IT suggests automation in key workflows

IT runs regular automation discovery sessions across departments

How does IT manage patching and updates? *

Manual and irregular

Done when issues happen

Regular patch schedule

Automated patching with compliance tracking

How prepared is IT to implement AI-powered IT operations (AIOps)? *

Not prepared

Interested but no tools

Tools + pilot readiness exists

Already implementing AIOps initiatives

How mature is your DevOps / CI-CD process (if software is developed in-house)? *

No DevOps

Basic deployment process

CI/CD exists for key applications

Mature CI/CD + automated testing + monitoring + AI-assisted workflows

How ready is IT to support AI-based automation in internal workflows (ticketing, approvals, HR, finance)? *

Not ready

Limited readiness

Ready for some workflows

Fully ready with integration + security + governance

How organized and accessible is your organization’s data across systems? *

Data is scattered, mostly in Excel/manual files

Data is in systems but not integrated

Data is structured and partially integrated

Data is well-structured, centralized, and integrated across systems

What is the maturity level of your data governance practices? *

No defined governance

Basic rules exist but not enforced

Defined governance policies + partial enforcement

Strong governance with audits, ownership, and compliance tracking

How well is data quality ensured in business-critical systems (ERP, CRM, HRMS)? *

Data quality is not monitored

Users fix errors manually when found

IT supports periodic audits and cleanup

Automated data validation + continuous monitoring exists

What is the current status of API availability across key systems (HRMS, ERP, CRM, etc.)? *

No APIs available

APIs exist but limited or unstable

APIs available for most systems

Strong API ecosystem + documentation + governance

How does IT manage data integration between systems? *

Manual export/import

Some integrations exist but fragile

Middleware/tools used (ETL, integration platforms)

Central integration layer + standardized data pipelines

How is unstructured data handled (emails, PDFs, scanned documents, chats)? *

Stored randomly, no structure

Stored but hard to search

Stored with tagging and partial indexing

Structured + searchable + AI-ready (OCR, metadata, classification)

How consistent are data definitions across departments? *

Not consistent (everyone defines differently)

Some common terms exist

Mostly standardized

Fully standardized with data dictionary + ownership

How mature is the organization’s master data management (customers, vendors, employees)? *

No MDM

Partial standardization

Central master data exists

Central master data + governance + automated validation

How is data lineage handled (tracking where data comes from and how it changes)? *

Not tracked

Tracked informally

Tracked for some critical systems

Fully tracked with tools and audit trails

How often are data access permissions reviewed and cleaned up? *

Never

Only when someone leaves

Periodically (quarterly/half-yearly)

Continuously monitored with alerts

Does the organization have a centralized data warehouse or lake? *

Planning stage

Exists but limited usage

Fully implemented and widely used

How mature is the organization’s data classification (public, internal, confidential)? *

No classification

Informal

Defined classification

Classification + enforcement + DLP controls

How does IT manage data loss prevention (DLP)? *

No DLP

Basic restrictions only

DLP exists for email/storage

Full DLP across endpoints + cloud + email

How mature is metadata management (tags, data labels, ownership)? *

No metadata

Basic tags

Metadata defined for critical data

Full metadata system + ownership + automation

What is the current approach to controlling access to sensitive data? *

Access is shared informally

Basic access controls exist but not reviewed

Role-based access + periodic review

Role-based + continuous monitoring + automated alerts

How strong is your organization’s backup and disaster recovery readiness? *

No proper backup

Backup exists but recovery not tested

Backup exists and tested occasionally

Backup + DR drills + recovery time targets are strictly tracked

How mature is your organization’s cybersecurity monitoring? *

No monitoring

Basic antivirus and firewall only

Central monitoring (SIEM/log review)

Advanced monitoring + threat intelligence + automation

How secure is your organization’s endpoint environment (laptops/desktops)? *

No standard security

Basic antivirus only

Standard endpoint security + patching

Zero-trust approach + device compliance + automated patching

How mature is IT’s identity and access management (IAM)? *

Shared logins / weak control

Basic login control

Role-based access + MFA for critical systems

SSO + MFA everywhere + privileged access management

How does IT manage cloud security (if cloud is used)? *

No cloud governance

Basic security settings only

Cloud security policies exist

Strong cloud governance + continuous monitoring + audits

How does IT ensure compliance with privacy laws and regulations (GDPR, DPDP, ISO)? *

No compliance process

Some policies but weak enforcement

Compliance checks for major systems

Compliance built into processes with audits and reporting

How open is the organization’s IT architecture to AI integration? *

Mostly legacy systems, difficult to integrate

Mixed systems, limited integration capability

Modern systems + APIs available for many tools

Cloud-first + API-driven + AI integration-ready architecture

How mature is your organization’s cloud adoption? *

Fully on-prem legacy

Partial cloud usage

Mostly cloud

Cloud-first + scalable architecture + automation

How is IT currently contributing to business growth and efficiency? *

Mostly reactive support (ticket fixing, device issues)

Some automation exists but limited

IT actively improves processes using tools and integrations

IT drives business efficiency through digital transformation initiatives

How mature is your IT documentation and knowledge base? *

Very poor / no documentation

Some documentation but outdated

Updated documentation exists for key systems

Strong documentation + searchable knowledge base + automation runbooks

How does IT handle shadow IT (employees using unapproved apps/tools)? *

No tracking

Only react when problems occur

Track and restrict some apps

Full visibility + governance + approved alternatives

How skilled is the IT team in AI and automation technologies? *

No knowledge

Basic awareness only

Some trained members exist

Dedicated AI/automation expertise exists within IT

How does IT manage change management when new AI tools are introduced? *

No formal change management

Informal training

Training + documentation

Full change management: pilots, champions, training, feedback loop

Select the Roles and Responsibilities that are performed by IT department in your organization. *

IT Infrastructure Management

Network & Connectivity

Cybersecurity & Data Protection

Software & Application Management

IT Helpdesk & User Support

IT Asset Management

Data Management & Backup

System Access & Identity Management

Technology Strategy & Planning

Vendor & Service Provider Management

Compliance & Policy Management

Innovation & Automation (Modern IT Role)

How often does IT evaluate whether current tools/software are still meeting business needs? *

Only when something breaks

Once in a few years

Annually

Regularly (quarterly or continuous review)

How does IT measure performance and service quality? *

No formal measurement

Only ticket count and response time

Ticket KPIs + system uptime tracking

KPIs + user satisfaction + service improvement roadmap

How does IT handle capacity planning (storage, bandwidth, compute)? *

Only when issues happen

Basic estimates based on past usage

Regular tracking and planning

Predictive planning using analytics/AI tools

How often does IT review the ROI/value of major IT systems? *

Never

Rarely

Sometimes (annual)

Regularly with measurable business KPIs

How are system logs and monitoring data currently used? *

Rarely used unless there is a major issue

Used for troubleshooting

Used for proactive monitoring and capacity planning

Used for predictive analytics and early risk detection

How well are business-critical systems integrated with reporting dashboards? *

No dashboards

Manual reporting

Some dashboards exist

Real-time dashboards + trusted metrics

AI Readiness Survey

AI Strategy & Resources

Performance and Application

Data Infrastructure

Organization

Technology Enablers