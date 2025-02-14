Around the world, security leaders say they are struggling to balance the need to appropriately secure their data and the need to maximise efficient use of this data to hit their business objectives, according to a study produced by analysts at Gartner, who found that only 14% of cyber leaders were keeping on top of this.

The analyst’s poll of 318 senior security leaders – conducted in the summer of 2024 – found 35% were confident they could secure data assets, and 21% were confident they could use data to achieve their business goals. The ability to do both was beyond six in seven.

Nathan Parks, senior specialist for research at Gartner, said this was clearly something that needed to be addressed.

“With only 14% of SRM leaders able to secure their data while supporting business goals, many organisations can face increased vulnerability to cyber threats, regulatory penalties and operational inefficiencies, ultimately risking their competitive edge and stakeholder trust,” he said.

In light of its findings, Gartner has developed a five-point checklist for security leaders – security and risk leaders, in its parlance – to better align their business needs to stringent data security requirements, and successfully achieve both effective data protection and business enablement goals:

CISOs should try to ease governance-related friction for the business by co-creating data security policies and standards with input and feedback from end users across the business;

They should try to align data-security related governance efforts through partnering better with the business’s other internal functions to identify areas of overlap and potential synergy;

They should clearly identify and delineate any non-negotiable cyber security requirements that the business must absolutely meet when handling previously unknown or unexpected data security risks;

On generative artificial intelligence (GenAI) and decision-making related to it, they should take care to define appropriate, high-level guardrails that enable stakeholders to experiment within set parameters;

And finally, they should collaborate with the business’s data and analytics teams to secure board-level buy-in on data security levels.