ChannelLife Australia - Industry insider news for technology resellers
APAC firms face AI governance gap over rogue tools

Tue, 19th May 2026

Mimecast has released research showing that employees across Asia Pacific are using collaboration tools their IT departments have not approved, a trend the study links to rising concern over AI governance.

Across the region, 66% of organisations reported that staff regularly download and use collaboration platforms that have not been vetted by IT teams. At the same time, 72% said those tools are creating new threats and security loopholes, while 90% described collaboration tools as essential to day-to-day operations.

The figures point to a gap between how quickly workers adopt messaging, file-sharing and communication software and how fast governance processes can respond. That gap is becoming more significant as companies introduce AI tools into the same work environments.

Fragmented collaboration systems can leave organisations with weak visibility over where information moves, who can access it and what controls are in place. In the survey, 45% of APAC organisations said they had seen an increase in threats tied to collaboration tools over the past year.

Nicky Choo, Vice President and General Manager, APAC, at Mimecast, said the issue has widened beyond email security.

"Work today happens across an increasingly fragmented mix of collaboration platforms, cloud environments and AI-assisted workflows," Choo said.

"The challenge for many organisations is no longer simply securing a single channel like email. It is maintaining visibility, governance and trust across how work is created, shared and acted upon across the business."

Governance gap

The spread of unmanaged workplace tools is no longer just an operational problem. Mimecast argued that the issue could become harder to control as AI agents begin to work across several business systems and workflows at the same time.

Unlike individual employees, AI agents can act across multiple applications simultaneously, magnifying existing gaps in oversight. Organisations that deploy such systems without first understanding their collaboration environments may struggle to monitor or control them effectively, Mimecast said.

Choo said many businesses are already operating in environments where staff behaviour is moving faster than governance models.

"Employees are constantly looking for faster and more efficient ways to collaborate, especially as AI capabilities become embedded into everyday workflows. But when organisations lack consistent visibility across these environments, it becomes harder to understand where sensitive information is moving, who or what is accessing it, and whether the appropriate controls are in place."

The findings also suggest many organisations still rely on separate compliance and governance tools rather than integrated oversight across channels. Only 37% of APAC organisations surveyed said they had automated compliance tools in place across multiple communication channels.

Broader shift

The survey reflects a broader shift in how companies are being pushed to manage cyber risk as work becomes more decentralised and increasingly shaped by AI. Instead of focusing only on securing endpoints or single communication channels, organisations are being forced to examine how work itself is created, shared and approved across both human- and machine-led processes.

That shift has implications for boards, technology leaders and compliance teams, especially in sectors with strict data-handling requirements. If employees continue to adopt tools outside approved procurement and security processes, governance frameworks may fall further behind everyday business practice.

Mimecast's research was based on a survey of 2,500 IT security and IT decision-makers across nine countries. The study covered organisations with more than 250 employees and included respondents in Singapore and Australia as part of its APAC sample, alongside participants in North America, Europe and South Africa.

Respondents came from sectors including financial services, healthcare, technology, manufacturing, retail, public services, utilities, construction, consumer services and media. The research examined how human behaviour, insider activity and organisational practices are shaping cyber risk.

For Mimecast, the findings place collaboration governance closer to the centre of AI readiness. Choo said businesses are unlikely to slow their use of AI or collaboration software, meaning governance systems will need to catch up.

"Organisations are not slowing down AI or collaboration adoption - nor should they," Choo said. "The priority now is ensuring governance, visibility and accountability evolve alongside how modern work happens. Security models need to support organisations in moving faster safely, not hold them back."

He said AI agents would test that readiness further. "AI agents are coming whether organisations are ready or not. The collaboration environments they will operate in need to be understood, governed and secured before those agents are deployed - not after. The organisations that invest in governance now will be the ones that can move fastest and most safely when agentic AI becomes the norm."