Explore Your AI Options and Weigh Risk With a Phased Approach

Artificial intelligence (AI) solutions are being rapidly adopted by U.S. businesses, including midmarket organizations, across a wide range of industries. As much as 78% of respondents in the March 2025 McKinsey survey reported that their organizations use AI in at least one business function, up from 55% in 2023. 

AI tools provide attractive business opportunities, such as productivity gains, improved content for marketing and sales, and faster customer service, and there are plenty of options for organizations to choose from. Employees are eager to test the performance of AI tools, often before organizations have had a chance to fully implement best practices, draft new policies, and address regulatory compliance issues. 

So how do organizations explore the many AI options available and still stay safe from risk? It’s a balancing act. Pondurance suggests that midmarket organizations explore the benefits of the AI tools on the market, weigh the risks of using them, and take a phased approach to AI adoption. 

Exploring AI solutions

The AI revolution is here, and global spending on AI, including applications, infrastructure, and services, is expected to more than double over the next few years, reaching $632 billion by 2028. Organizations in every industry know they need to determine how AI can drive efficiencies for their businesses to avoid falling behind. However, there are abundant AI technologies on the market, and choosing the AI tools that work best for your midmarket organization can seem overwhelming. 

As a first step in considering how AI can help your organization, you can conduct an in-depth analysis of your workflow to identify the pain points for your business. Then contemplate how AI can possibly address those pain points to move you closer to your overall business goals. Also think about how the tools will work within your unique organization. Ask yourself: How do the tools integrate with my existing technology and workflows? Can the tools grow as the business grows? Can the technology handle and process my data? What are the costs to set up, use, and maintain the tools?

You’ll want to consider every department in your analysis, not just IT. AI solutions can address pain points for teams across your organization, and it’s important that you explore your options. 

• Marketing. Content generation tools, such as Microsoft Copilot and Jasper, use text prompts to generate drafts of written content for emails, blogs, and creative inspiration. AI solutions can also check grammar, edit videos, generate images, manage social media posts, and create presentations.

• Sales. AI tools can help your sales team identify customer trends, generate predictive analytics to anticipate customer needs, recognize upselling and cross-selling opportunities, write better emails, and generate leads.

• Customer service. Chatbots, such as ChatGPT and Claude, allow your business to communicate with customers in real time to improve their online experiences. Many AI solutions can also retrieve data analytics from emails, logs, social media posts, and product reviews.

• Human resources. AI tools can assist in recruiting candidates, onboarding, managing employee records and benefits, and upskilling workers to effectively use AI.

• Cybersecurity. AI can proactively help teams with enhanced security monitoring, authentication, threat detection, and incident response. However, AI also can pose security risks as it adds to the organization’s attack surface.

• Finance. Teams can use AI tools to detect fraud, automate compliance checks, assist with budgeting, analyze data, and more. 

Before letting employees experiment with these AI options, your organization should consider executing a pilot program where teams can safely use the AI tools in a controlled setting. Your organization can gather information from the pilot program teams and use their keen insights to narrow down the options that best address your pain points and further your business goals.

Weighing the risks

The right AI tools offer tremendous opportunities for midmarket organizations, making businesses faster and more efficient than ever before. But there are also significant risks, such as concerns about data privacy, accuracy, employee misuse, and cybersecurity. Your organization needs to carefully weigh the risks of AI, balancing them against the benefits of your AI options, to determine the best solutions.

Data privacy. AI tools collect and analyze large amounts of data to train algorithms, make predictions, and improve performance. Businesses need to safeguard the data from threat actors (or even unwitting employees) to protect intellectual property and avoid data leaks that can cause ethical or reputational damage. In addition, organizations in regulated industries must protect their sensitive customer data to meet the compliance requirements of federal and state privacy laws. 

Accuracy. AI tools are designed to provide a correct answer to prompts. Unfortunately, when AI doesn’t know the answer, it may invent one, known as an AI hallucination. For example, Microsoft’s Bing AI Chat provided inaccurate figures about a Gap earnings report and Lululemon financial data. Also, ChatGPT fabricated six court cases for two attorneys to use as legal precedents in a brief submitted to a judge, and the judge subsequently fined the attorneys for using the fake citations. AI tools always require human oversight. Employees should verify all information generated by AI tools to confirm accuracy.

Employee misuse. Sharing sensitive company or customer information on AI systems can create serious confidentiality issues, data privacy violations, and exposure of company trade secrets. The risk is real. In a recent survey, 47% of employees reported they have uploaded sensitive information into public AI tools, and 44% admits using AI at work in violation of company policies. Organizations need to set up safeguards, conduct ongoing training, and create safe workplace cultures to mitigate the risks. 

Cybersecurity. AI technology can detect patterns in your network traffic for a quicker response to cyber threats. But AI tools also expand the attack surface and provide new vulnerabilities for threat actors to exploit. In addition, threat actors are using their own AI tools to generate deepfakes, execute phishing scams, and create malware that is more convincing than victims have seen in prior attempts.

Using a phased approach

Once you’ve decided which AI solutions work best for your organization, you need to figure out how to implement them — and that implementation requires considerable preparation and planning. Your organization needs to determine the process or approach for the rollout, the usage policy, employee training, risk management, and many other important decisions.

Phased approach. For most midmarket organizations, Pondurance recommends using a phased approach to AI adoption. In a phased approach, your organization takes small steps to implement AI, focusing on your pain points and business objectives in determining the phases. Your organization may want to start with the AI solutions that make the biggest impact for your employees but have a low level of risk, such as onboarding new talent, generating sales leads, or creating content for a new website. Or your team may have a high-risk priority that AI tools can address, and you want to tackle that first. No matter how you do it, the important thing is to concentrate only on specific areas or functions at a time —always with risk in mind — and set clear time frames to keep the process on schedule and on budget. 

Usage policy. For cybersecurity, your organization most likely compiled a comprehensive incident response plan. A similar plan is critical for AI, getting all employees and stakeholders on the same page. With the fast pace of AI adoption, your organization may not have the opportunity to draft a thorough usage policy before adopting AI. But at a minimum, your organization needs to specify the roles and tasks for using AI, the ongoing monitoring and auditing required, the training and awareness programs needed, and the controls and assessments required to protect sensitive customer data and company secrets.

Employee training. AI tools are meant to help humans rather than replace them, so your organization should clearly communicate the positive benefits of AI to your employees. Your organization should offer ongoing training to every employee, teaching them how to responsibly use AI tools and stay current on the risks of AI. Your organization will also want to upskill employees, or prepare them for job changes as AI performs mundane tasks while employee work becomes more strategic.

Risk management. The phased approach allows your midmarket organization to consider risk at every stage — and there are plenty of risks. Employees can misuse AI tools, resulting in the public release of confidential information or intellectual property, the use of false AI-generated information in content, or the exposure of sensitive customer data in violation of compliance laws. Threat actors pose a risk as AI expands the attack surface, leaving your network vulnerable to exploit, and they also use AI tools for deepfakes, phishing attacks, and social engineering scams. For all these reasons, it’s important to build in periodic risk monitoring and assessments during your AI launch period and after AI has become the norm to keep your organization safe and protected.

Conclusion

AI tools can provide productivity gains and efficiencies for your midmarket organization, but your teams must do the hard work of exploring the options, weighing the risks, and implementing AI with a phased approach. It takes preparation and planning. When you do it right, AI solutions can ease your pain points and align with your business goals to get your business running more productively and efficiently with reduced risk.