According to a Gartner survey, CISOs and managers in security and risk management find it difficult to balance data protection with business objectives.
Gartner research shows that only 14 percent of CISOs and security and risk management (SRM) leaders succeed in both protecting data and supporting business objectives. The rest focus either on security or on leveraging data for business goals, but not both.
Limited balance
The survey was conducted between June and August 2024 among 318 senior security leaders from various industries worldwide. The results show that 35 percent of respondents focus on data security, while 21 percent focus on using data to achieve business objectives. Only one in seven knows how to combine the two effectively.
According to Gartner, this limited balance can lead to increased vulnerability to cyber threats, potential fines and operational inefficiencies. This can erode organizations’ competitive advantage and damage stakeholder trust.
Recommendations
To improve the balance between data security and business support, Gartner recommends security leaders take five actions:
- Reduce governance friction by involving end users in the development of security policies and standards.
- Align governance efforts with other internal departments to minimize overlap and strengthen collaboration.
- Define non-negotiable security requirements for unknown risks so companies know what they must comply with.
- Define guidelines for the use of generative AI to enable safe experiments within established limits.
- Collaborate with data and analytics teams to ensure broad support for security initiatives.
Gartner emphasizes that organizations with a strategy that balances data security and business goals are better able to withstand threats and operate more efficiently.