May 3, 2021
Discover, Classify and Catalog Sensitive Data on AWS with Privacera
Watch the Video
October is Cybersecurity Awareness Month, a time dedicated to raising public understanding of the importance of securing our digital lives. Established through the collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance, this annual event shines a spotlight on various aspects of cybersecurity. Among its themes, the third week focuses on recognizing and combating cybercrime, highlighting the ongoing battle against threats that target personal, corporate, and governmental data.
In this context, it’s crucial for cybersecurity leaders to step up and assert their role in the prevention of data loss from internal and external threats. More importantly, they should take the lead in collaborating with data governance personnel, ensuring that the systems and protocols designed to safeguard sensitive information are integrated and effective. Historically, cybersecurity experts have ceded much of this responsibility to data professionals, viewing data governance as a separate realm outside their purview.
This has been a costly mistake. Data is the currency of the digital age, and its protection requires a holistic approach that unites both cybersecurity and governance efforts. By maintaining distance from data governance leaders, cybersecurity professionals have missed critical opportunities to proactively defend against breaches, leaks, and other forms of data loss. The time has come for them to not only recognize their responsibility but to actively engage in shaping policies and practices that safeguard data in all its forms.
Combating Data Cybercrime
The decision to leave data protection largely to data professionals is becoming an increasingly costly oversight. Data theft accounts for 19% of all cybersecurity incidents, and the problem is only getting worse. The Identity Theft Resource Center reported a staggering 72% increase in data breaches in 2023 compared to 2021, signaling that the current approach to securing data is inadequate. On top of that, each breach cost organizations an average of $4.88 million in 2024, underscoring the financial devastation caused by insufficient data protection practices.
It’s time to take cybercrime related to data seriously. Securing sensitive data and personally identifiable information (PII) can no longer be left to a scattered group of database administrators or data engineers. Instead, cybersecurity leaders must ensure that data is consistently discovered, secured, and audited for protection. This requires direct engagement with data governance personnel, who have the insight and authority to shape how data is accessed and protected.
Data governance leaders hold the keys to determining how data should be accessed—or not—and their policies establish the rules of the road for data usage within the organization. Furthermore, they have a critical understanding of where these rules intersect with business risk, feeding directly into data security posture management. Cybersecurity leaders must collaborate closely with data governance teams, who should be seen as vital allies and trusted confidants of the CISO. Together, they can fortify an organization’s defenses against the rising tide of cybercrime.
Actively Protecting Data
Once relationships between cybersecurity and data governance are established, the next critical step is identifying where business risk resides. This begins with gaining visibility into where sensitive or personally identifiable information (PII) is stored within the enterprise. A CIO recently confided to this author that, if their organization were hacked, they would need to hire external consultants just to determine whether the breach was material. This highlights the urgent need for a clear understanding of where critical data lives within the company.
For organizations with complex hybrid and multi-cloud environments, deploying data security posture management (DSPM) is essential. DSPM allows businesses to discover where sensitive data resides, helping to map out their risk landscape. Once identified, cybersecurity teams should focus on implementing a platform that enables consistent, global security rules to be enforced across the entire organization. This ensures that risk is managed holistically rather than on a system-by-system basis, driving greater consistency in compliance.
A unified platform for managing risk, access, and security not only saves labor but also reduces risk by ensuring compliance across all departments. Instead of reacting to breaches after they occur, cybersecurity leaders must shift toward proactive protection. This approach demands critical alliances with data governance personnel, enabling a stronger, more integrated defense strategy. It’s time for cybersecurity professionals to develop these essential partnerships and ensure that their environment is actively protected, not just passively monitored.
Parting Words
In today’s threat landscape, cybersecurity professionals can no longer afford to operate in isolation from data governance. Protecting sensitive data and preventing breaches require a unified approach that integrates security with governance policies across the entire organization. By forming strong partnerships with data governance personnel and deploying holistic tools like data security posture management, cybersecurity leaders can proactively address business risks, ensure compliance, and safeguard against the escalating threat of data cybercrime. Now is the time to embrace this collaboration and take a more strategic, integrated approach to data protection.cera, reach out to our team and schedule a demo or conversation.
Author
