A Gartner survey reveals that just 14% of security and risk management (SRM) leaders effectively balance the need to secure data assets with the necessity of using data to achieve business objectives. The survey, which gathered insights from 318 senior security leaders across various industries and organisational sizes from June to August 2024, highlights a significant challenge in data governance.
While 35% of respondents indicated they prioritise securing data assets and 21% focus on leveraging data for business goals, the overwhelming majority struggle to manage both effectively. “With only 14% of SRM leaders able to secure their data while supporting business goals, many organizations face increased vulnerability to cyber threats, regulatory penalties, and operational inefficiencies,” commented Nathan Parks, senior specialist in Research at Gartner. He emphasised that this imbalance can jeopardise competitive advantage and erode stakeholder trust.
Gartner has outlined five key actions that SRM leaders can take to align data security with business needs. Firstly, organisations should aim to reduce governance-related friction by establishing processes that co-create data security policies with end users, incorporating their feedback to enhance compliance and usability.
Secondly, aligning governance efforts across departments is crucial. By partnering with other internal functions, organisations can identify overlaps and synergies, ensuring a more cohesive approach to data security. Thirdly, SRM leaders should delineate non-negotiable security requirements for handling previously unknown data security risks, providing clarity and structure in a complex environment.
Additionally, Gartner suggests defining high-level guardrails for decisions related to generative AI (GenAI). This includes establishing parameters for when to pause or stop a GenAI tool or feature, allowing for business experimentation while maintaining security boundaries.
Finally, working collaboratively with data and analytics (D&A) teams is essential for securing top-down buy-in on data security initiatives. By fostering an environment of cooperation, organisations can better integrate security into their overall business strategy.
These recommendations aim to empower SRM leaders to enhance their data protection efforts while supporting business objectives, ultimately leading to a more secure and efficient organisational framework. As the landscape of data security continues to evolve, addressing these challenges will be vital for maintaining trust and resilience in the face of emerging threats.
