Most AI deployments don't pay off. Here's what the 5% do first.

June 11, 2026 · 4 min read

Walk into any business right now and you will find AI everywhere. Agents drafting emails, tools summarising calls, chatbots answering customers. Adoption is basically universal. Around 97% of companies have rolled out AI agents in the past year.

Now ask the harder question: is it actually paying off?

For most, no. Only about 23% see a significant return from those AI agents. Read that again. Near total adoption, and fewer than one in four getting real value. That is not an AI problem. AI works. It is a how-we-deployed-it problem.

It gets sharper. Of the businesses running AI agents, 88% have already had a confirmed or suspected security incident in the last year, and only about 14% ship those agents with full security sign-off. So the picture is this: everyone has built, most are not getting paid back, and the majority have already had a scare with data they did not mean to expose.

Australia just put a clock on the data side of that. From 10 December 2026, under the Privacy Act, businesses that use automated systems to make decisions which significantly affect people must spell that out in their privacy policy: what personal information goes in, and the nature of the computer-made decision. The regulator is not waiting either. It ran its first compliance sweep in early 2026, and real estate agencies were on the list. If AI touches a decision about a customer, disclosure is becoming law, not a nice-to-have.

Here is the part nobody wants to say out loud. Most small and medium businesses are not short on enthusiasm. They are short on a guide. The research backs it: SMBs are adopting AI fast, and the gap holding them back is training and support, not interest. People do not need convincing that AI matters. They need someone to tell them where it fits, what is safe, and what to do first.

So why are so many businesses building and not getting a return?

Because they skip the diagnosis. They pick a tool, automate the thing that annoys the founder most, and hope. MIT found that 95% of enterprise AI pilots fail to drive a measurable return, and the 5% that succeed almost all do one thing first: they audit the workflow before they build.

And here is the bit that separates a safe build from an expensive mistake. When you audit, you do not just score the opportunity. You score the risk.

Most people rate every workflow on impact: how much will this help if it works. Useful, but only half the map. The other axis is risk: what does it cost you if the AI gets it wrong. Bad data. A bad customer experience. A pricing error. A compliance breach. Plot both, and the picture changes:

  • High impact, low risk: automate it. This is the goal.

  • High impact, high risk: do not fully automate it. Make it hybrid. The AI does the work, a human signs off. This is where most of the real wins actually live.

  • Low impact: leave it manual, or do not bother.

A quick example. A business wanted to fully automate its client quotes. High impact, lots of quotes, all revenue. But every quote is a binding offer, so a pricing slip costs margin and trust. The matrix said hybrid, not full automation: AI drafts the quote in seconds, a human checks the margin and the terms in 90 seconds instead of 25 minutes. The win rate went up, because the human caught positioning issues a machine would have missed.

That is the whole game. Not more tools. Better judgement about which work to hand over, and how much rope to give it.

This is the lens I bring after 25 years in IT and security. Most AI agencies will happily score the opportunity for you. Almost none will score the risk, because they have never had to carry it. I have. The same instinct that asks "where does this data actually go, and what is the worst that can happen" is exactly what keeps a business in the 5%, and on the right side of a December 2026 deadline.

You do not need to become an AI expert. You need a clear-eyed look at your business, the workflows scored on impact and risk, and a plan for what to build, what to make hybrid, and what to leave alone.

If that is the conversation you have been meaning to have, that is exactly what an AI Game Plan Session is for. No pitch, no jargon, just a clear read on where AI pays off in your business, and where it could bite.


Sources

  • AI agent ROI ~23% (97% deployed agents): WRITER, Enterprise AI Adoption 2026. https://writer.com/blog/enterprise-ai-adoption-2026/

  • 88% had an AI-agent security incident; only ~14% ship with full security sign-off: Gravitee, State of AI Agent Security 2026. https://www.gravitee.io/blog/state-of-ai-agent-security-2026-report-when-adoption-outpaces-control

  • Automated-decision disclosure in privacy policies from 10 December 2026: OAIC / Privacy and Other Legislation Amendment Act 2024 (APP 1.7). https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-1-app-1-open-and-transparent-management-of-personal-information

  • SMBs adopting fast but the gap is training and support, not interest: Goldman Sachs, 2026. https://www.goldmansachs.com/pressroom/press-releases/2026/small-businesses-embrace-ai-but-need-training-and-support-to-fully-harness-it

  • MIT: 95% of enterprise GenAI pilots fail to drive measurable returns (MIT report, 2025, widely cited).
