78% of AI Users Got No Training. Breaches Just Hit a Record High.
Hays data: 60% of workers use AI regularly but 78% had no formal training. OAIC breach notifications hit an all-time high. Small firms are most exposed.
The tools outran the training
Sixty per cent of Australian workers now use AI regularly at work. Twenty-two per cent have received formal training from their employer to do so. Only 30 per cent are even concerned about the risks.
Those numbers come from the Hays Salary Guide FY26/27, published in June 2026 and based on more than 7,000 hiring managers and professionals across Australia and New Zealand. Hays APAC CEO Matthew Dickason put it bluntly: 'AI adoption has outrun enablement. The tools are on the desk; the training, governance, and guardrails haven't kept up.'
This is not a story about workers choosing to ignore AI. It is a story about businesses letting adoption happen without structure. AI arrived inside the software you already pay for — Xero, MYOB, Microsoft 365 — and teams started using it. No rollout plan. No policy. No risk conversation.
Australia's AI training gap
Using AI regularly
60%
At work
Formally trained
22%
By their employer
Small businesses are most exposed
The training gap is sharpest where resources are thinnest. Employers with fewer than 50 staff — the profile of most Australian trades and professional services firms — are the least likely to have provided any AI training at all. Casual and temporary workers fare worse again.
The sector data is equally pointed. Legal professionals report the lowest AI adoption of any sector at 32 per cent. Trades and services report skills shortages at 92 per cent — the second highest nationally. The workers who could benefit most from AI are the least equipped to use it safely.
This is how shadow AI takes hold. When employers don't train, workers use AI anyway — on their own terms, with tools no one in the business evaluated, feeding client data into platforms with no governance around them.
The breach data makes it real
On 13 July 2026, the Privacy Commissioner released Australia's 2025 data breach figures. The total: 1,205 notifications — the highest since the mandatory reporting scheme began in 2018. An 8 per cent rise over 2024. Fifty-nine per cent came from malicious or criminal attacks.
The sector breakdown should get your attention. Legal, accounting and management services reported 81 breaches, placing it alongside health (225), financial services (157), government (118), and education (81) in the most-affected sectors. Eighty-two per cent of Australians now identify data breaches as their top privacy concern, per the OAIC's 2026 community attitudes survey — up from 74 per cent in 2023.
Here is the uncomfortable intersection. The Hays data shows 48 per cent of employers cite security and privacy as the single biggest barrier to wider AI adoption. They are right to worry. But the people already using AI inside these same businesses have had no training on data handling, no governance framework, and — in 70 per cent of cases — no particular concern about the risk they are creating.
Five months until December
The Privacy Act's automated decision-making disclosure obligation takes effect on 10 December 2026. If your business uses AI to make or substantially assist decisions that significantly affect individuals, your privacy policy must say so. The OAIC's final guidance is expected by September.
For an accounting firm using AI to flag anomalies in client data, or a trades business using an AI phone agent to qualify leads, the obligation is not hypothetical. But compliance requires knowing what AI your business actually uses, what data it touches, and what decisions it informs. When 78 per cent of your workforce has had no formal training and AI use is undocumented, answering those questions is harder than it should be.
Three things to do before September
First, audit your AI use. Ask every team member what AI tools they use, what data goes in, and what decisions those tools influence. The answer will surprise you. Second, provide basic training — even two hours covering what data can and cannot go into AI tools, how to verify outputs, and what your business policy is. If you don't have a policy, that is the first item. Third, document your AI toolchain before the OAIC guidance lands in September. List every AI-enabled tool, the data it accesses, and the decisions it supports. This inventory is the foundation of your December compliance response — and building it now, without deadline pressure, takes a fraction of the effort it will in November.
Key takeaways
Sources
Hays — Salary Guide FY26/27: AI adoption and training findings (June 2026)
OAIC — Data breach notifications increase to all-time high in 2025 (13 July 2026)
▶Assumptions & methodology
- The 60 per cent regular AI use, 78 per cent no formal training, and 30 per cent risk concern figures are from the Hays Salary Guide FY26/27, published June 2026, based on a survey of more than 7,000 hiring managers and professionals across Australia and New Zealand. 'Formal training' means employer-provided; self-directed learning is not counted.
- The characterisation that employers with fewer than 50 staff are the least likely to have provided AI training is from the same Hays report. The report identifies this size band as disproportionately affected but does not publish exact training percentages for each size bracket.
- The 1,205 data breach notifications, 8 per cent increase over 2024, and 59 per cent malicious or criminal attack figures are from the OAIC's 2025 Notifiable Data Breaches annual statistics, released 13 July 2026. The 82 per cent public concern figure is from the OAIC's 2026 Australian Community Attitudes to Privacy Survey.
- Legal, accounting and management services reported 81 breach notifications in 2025, tying with education. Health (225), financial services (157), Australian Government (118), and business and professional associations (103) ranked higher.
- The Privacy Act automated decision-making disclosure obligation (APP 1.7–1.9) commences 10 December 2026 under the Privacy and Other Legislation Amendment Act 2024 (Cth). OAIC final guidance is expected by September 2026, per the OAIC's consultation timeline published May 2026.
- The 48 per cent figure for security and privacy as the biggest barrier to wider AI adoption, 32 per cent legal sector adoption rate, and 92 per cent trades and services skills shortage rate are all from the Hays Salary Guide FY26/27.
Field Notes are general commentary on AI trends for Australian businesses. They don’t constitute professional advice. Talk to your accountant, lawyer, or IT adviser before acting on anything specific to your situation — or talk to us if you want help working out where AI fits.
Subscribe
Don't miss the next one
Get each new Field Note in your inbox as it publishes — short, practical AI intelligence for business owners.
Not sure what your team's AI use looks like — or what it's costing you?
Untrained AI use is a risk you can measure. A 30-minute call can map where your exposure sits and what to do about it before December. Book a call.
Book a call →