European organisations face AI security gaps: 2026 forecast

Kiteworks, an organisations specialising in manage risks in data transactions, has released its Data Security and Compliance Risk: 2026 Forecast Report. The analysis sheds light on the challenges European organisations face concerning AI-specific security controls and data flows.

The report, stemming from surveys of leaders across varied industries and regions, pinpoints a disparity between Europe's regulatory strides, marked by the EU AI Act, and its current security posture. European nations like France (32%), Germany (35%), and the UK (37%) lag behind the 40% global benchmark in AI anomaly detection. Other gaps are evident in training-data recovery (40%-45% across Europe against a 47% global average) and visibility on AI components (20%-25% versus 45%+ in advanced regions).

AI systems often exhibit unexpected behaviour or suffer AI-enabled attacks on European infrastructure. The inadequate detection measures can lead to compliance fines and compromised sensitive data. As Wouter Klinkhamer, GM of EMEA Strategy & Operations at Kiteworks, expressed, it's not just a compliance gap but a security one.

The report puts forth six pivotal forecasts for Europe in 2026:

1. Lag in AI-specific breach detection: European countries will continue trailing in AI anomaly detection capabilities, exacerbating the impact of breaches.
2. Incomplete AI incident response: Europe stands behind in adopting training-data recovery, limiting forensic analysis in regulatory situations.
3. Poor AI supply chain visibility: The region lags in Software Bill of Materials (SBOM) adoption, crucial for tracking third-party AI components.
4. Vulnerability to third-party AI vendor incidents: Lack of joint incident playbooks could see breaches spread unchecked.
5. Manual governance evidence generation: Organisations struggle with non-automated compliance documentation, risking regulatory and insurance challenges.
6. Inadequate AI incident response capabilities: This risks wider breaches due to delayed forensic analysis.

The forecast stresses that the fallout is more than compliance concerns. AI systems are pivotal, often handling sensitive data and integrating autonomously with key infrastructure. Unchecked AI models or third-party components escalate security threats, from adversarial inputs to operational disruptions.

The challenge is more than governance; it's about facing real breaches, not just regulatory scrutiny. The Data Security and Compliance Risk: 2026 Forecast Report identifies unified audit trails and training-data recovery as crucial measures for organisations seeking success. By addressing these gaps, European entities can achieve not only compliance but resilience.

Amidst these challenges, "The AI Act" sets governance standards. The query is whether European organisations can match their policies with solid security.