UK businesses have spent between £22 and £30 billion on generative AI since the current wave began, according to MIT’s State of AI in Business 2025 research, and only 5% of companies say they are seeing meaningful returns. That figure gets used to argue that AI has been oversold, that the technology is not ready, that organisations were right to be cautious. I read it almost the opposite way. The technology is doing what it was designed to do. The management around it, in most organisations, is not.
That matters because organisations treating disappointing results as a technology problem tend to respond by buying more tools, switching vendors or waiting for the next model release, and none of that addresses the root of the problem. The MIT research also found that 75% of professionals say their organisation has invested or plans to invest in AI within the year, while only 31% have a formal AI strategy. Companies with a clear roadmap are up to 3.5 times more likely to achieve a measurable return. I don’t think that correlation leaves much room for doubt about where the problem sits.
Outcomes > Output
Most enterprise AI deployed over the last two years is producing output — drafts, summaries, first-line answers, generated code — and output is easy to mistake for impact because it is visible and feels productive.
Outcome is whether the needle moved: whether a process got faster end-to-end, whether cost came out of a workflow, whether customers noticed a difference. A lot of what I see in AI programmes optimises for the first without measuring the second, which is how organisations end up with genuine usage data and no detectable return.
Getting results generally requires treating AI as an operational capability from the start rather than an experiment running alongside the real work. That means it sits inside defined workflows, has specific owners, produces metrics that tie back to business objectives, and gets reviewed like any other part of the operation. It’s not glamorous, to be fair. And very little of it is what most companies did during the initial rush.
AI is your new hire
One mindset shift I have found genuinely useful is to approach every AI tool the way you would approach bringing on a new employee. You wouldn’t hire someone without a defined role, an accountable manager, a probation period, and a way of assessing whether things are working. With AI, those steps get skipped routinely.
A tool gets trialled in a team, adopted informally, then embedded into workflows while nobody formally takes ownership of it. When something goes wrong months later — a data handling issue, a compliance incident, a customer-facing mistake — the question of who was managing it rarely has a clean answer.
For me, this isn’t hypothetical. Across legal, HR and security, the situations that become genuinely difficult are almost always the ones where accountability was unclear before anything went wrong. AI is producing a fresh generation of those situations, and most of them are avoidable with ordinary organisational discipline applied earlier than most companies apply it.
What’s lurking behind the scenes
There is a related problem that leaders often underestimate: employees aren’t waiting for their organisations to work any of this out. Research from Ivanti’s Technology at Work Report found that nearly half of office workers are using AI tools their employer has not provided, and almost a third of AI users keep that activity hidden from management. Banning tools outright doesn’t stop that behaviour. It moves it somewhere harder to see.
I’d encourage leaders to be realistic about what is truly going on here. The employees most likely to reach for unsanctioned AI are often the ones most committed to doing their jobs well and looking for anything that helps them work faster. The right response is to give them vetted alternatives with clear, specific guidance on what is allowed where. Vague warnings that leave people to guess at the rules produce exactly the outcome we’re seeing now.
Who owns this, in practice
Who, specifically, owns AI governance at a leadership level in your organisation? In my experience, that question tends to produce a bit of an awkward pause. Responsibility is frequently spread thinly across IT, security, legal and individual business units, which in practice means no one function has the authority to set direction or the visibility to see what is actually in play.
That ambiguity shows up as slower decisions, inconsistent policies between departments and AI risks that fall into the spaces between functions.
AI governance doesn’t need to sit in a single named role, though in some organisations that will be the cleanest answer. What it does need is one clear line of accountability, with enough reach across the business to be useful and enough authority to make decisions that stick. Without that, governance becomes a set of documents on an intranet, and employees quite reasonably ignore them.
We already have the tools
The first wave of enterprise AI prioritised speed over almost everything else, and the results so far are about what anyone working in risk or compliance would have predicted. What comes next depends on whether organisations are willing to do the unflashy operational work: defining what AI is allowed to do and where, assigning accountable owners, measuring outcomes rather than activity and building ongoing training for the people working alongside it.
Before you go waiting for — or chasing — the next tool, know that the right tools with the right capabilities and technology already exist. The five percent of organisations reporting meaningful returns are working with roughly the same tools as everyone else, and what separates them is organisational, not technical.
That’s rather inconvenient for anyone hoping the next model release will fix their AI programme. But it’s encouraging for anyone willing to do the actual work of running one.
