Jul 3, 2026

Six costs AI budgets rarely account for

Data Series
| Part
6

Reading time:

5 min read

The pilot worked. Production didn’t. Six places the money leaks before AI ships, and how to close each one.

Author

Dimitri Phalen is the marketing lead at ISM who prefers plain language over big claims. For years, he’s worked behind the scenes, translating messy, complex IT problems into something teams can actually use. If something sounds like it was written by someone with not enough coffee, who’s been sitting too close to the delivery team for too long, that’s probably his fault.

The pilot worked. Production didn’t. Same data, different behaviour. Privacy red-flagged it. Audit found 6 owners and zero lineage. Nobody knew if the input came from dev, test, or the system someone forgot to retire in 2019. The one everybody swears is managed by… uh… someone.

The model didn’t fail. The fabric underneath it was a bird’s nest.

What improves when you fix the foundation

Teams stop rewriting what someone duct-taped last year. Privacy becomes muscle memory. Security follows the record, not the perimeter. Audits are boring. Gary, for once, inherits working parts. AI stops being a proof of concept that never graduated and starts being part of how work gets done.

Trust your inputs or pause the rollout

If your inputs stumble, your outcomes fall. Catalogue the right datasets. Make lineage and approvals part of the build, not a post-it. Publish governed data products with usage contracts. That’s how AI starts behaving like it belongs in production.

Six line items, and how to close them

1. Rework: the cost of bad inputs

Rework is the tax on ungoverned data. A clean inventory, shared definitions, and visible lineage short-circuit the loop. Senior people stop reconciling spreadsheets and start delivering outcomes. Every hour tracing a data conflict back to a naming convention from 2016 is an hour that had a salary attached to it.

Read next: You can’t protect what you can’t findNobody gets promoted for governance work

2. Breach containment: the bill nobody budgeted

The expensive part of a breach isn’t the intrusion. It’s when nobody can say what was exposed, for how long, or by whom. That’s when the war room spins up, legal starts counting hours, and the regulator asks for a timeline you don’t have. Controls that travel with the record, masking in non-prod, and access that actually expires make containment smaller and cheaper. Microsoft reports more than 600 million cyber and identity attacks per day (Microsoft Digital Defense Report 2024). Not a hypothetical line item.

Read next: Your policy says one thing, your environment says anotherThe data doesn’t care about your firewall

3. Approval delays: the payroll bleed

The most expensive delay is the avoidable one. If lineage, classification, and approvals are part of the build, privacy doesn’t block go-live and legal doesn’t sift a PDF dump on a 2-day deadline. Evidence captured as work happens, not assembled after the fact by people with salaries and other priorities.

Read next: Nobody gets promoted for governance workThe model works fine, your data doesn’t

4. Infrastructure sprawl: paying for the same data three times

Cloud is not the enemy. Unmanaged sprawl is. Pipelines multiply in the dark. Three tools enforce the same control. Data crosses clouds with no consistent classification or observability. Centralise discovery, classification, and policy. Retire the zombies. Forrester’s TEI on Microsoft Sentinel reported a 234% 3-year ROI and 93% faster onboarding of new data sources (Forrester, March 2024). That’s what visibility delivers when you actually have it.

Read next: You can’t protect what you can’t findThe data doesn’t care about your firewall

5. Compliance panic: the audit you can’t afford

Audit shouldn’t mean nail-biting and a prayer. If approvals, lineage, and usage exist by default, audit becomes a calendar item. No fire drills, no derailed sprints, less coffee. ITIC reports 90%+ of firms estimate hourly downtime above $300K, and 41% put it at $1M+ per hour (ITIC, 2024). Predictability is cheaper than panic.

Read next: Nobody gets promoted for governance workYour policy says one thing, your environment says another

6. The confidence gap: where budgets quietly evaporate

Kyndryl’s Readiness Report shows 90% of executives say their IT is best in class. 39% think it’s ready for future risks (Kyndryl, October 2024). That 51-point gap between “we can” and “we did” is where budgets go to disappear. Every organisation that relaunched an initiative because someone skipped governance paid for the foundation twice. The second time was more expensive.

Read next: The model works fine, your data doesn’t

What we keep relearning

Catalogues are how systems agree on truth. Privacy wired into code outlasts privacy in binders. Governance on paper doesn’t run in production. Security that travels with the record keeps incidents small. Skilled teams deliver more when the plumbing stops leaking underneath them.

The quick check

Is non-prod masked by default? Can you trace a critical data field end to end? Are approvals baked into pipelines, not meetings? Do access logs match reality? Can someone explain what broke without a war room? If most of those are yes, keep building. If not, fix one foundation before you stack another tower on top of it.

Where we come in

We show up when things are political, duct-taped, or quietly bleeding budget. Over half a century of untangling legacy, regulation, and hybrid complexity inside Canadian enterprise and public sector organisations. From Regina to Rimouski, the kind with 10 systems called final_v3 and more auditors than DevOps.

Local leaders who understand your constraints. Kyndryl’s global support when scale demands it. Data that behaves. Audits that pass. Projects that don’t quietly die in non-prod.

This stuff isn’t pretty. That’s what makes it worth fixing. If any of it sounds familiar, we should talk. We’re good with a wrench, working on plumbing that holds up when it rains.

Want to understand how we work?

Every conversation starts with your environment. Not our product list.

Get in touch
ArrowArrow

It's not about the technology, or the processes. It's about your clients, your users, and the hard won trust you've built. Every team here keeps that at heart.

Mobile CTA