3 Cybersecurity Priorities CISOs Cannot Ignore

(July 2, 2025)

Cyber Security Tribe recently attended the Gartner Security and Risk Management Summit in National Harbor, Washington DC, where we attended a series of thought-leadership presentations, including 2025 Top Cybersecurity Projects, presented by Wayne Hankins, a leading Gartner analyst.

Following the session, we had the opportunity to speak with Hankins and ask him to further explore three key projects from his presentation:

  • Enhancing cybersecurity of data with cyberstorage
  • Facilitating preparation of unstructured data for GenAI adoption
  • Rebranding security across internal stakeholders

These priorities emerged from extensive research and real-world observations across thousands of organizations worldwide, revealing gaps in how companies protect their most valuable assets.


Data Security Measures – Cyber Storage is Key when Securing Data
 

Ransomware attacks have exposed a blind spot in most organizations' security architectures. While companies invest heavily in endpoint protection and network security, they often lose sight of data once it enters storage systems. This gap creates opportunities for attackers to compromise backup systems and recovery processes. 

The problem extends beyond visibility 

Storage environments present unique challenges that traditional security tools cannot address. Data undergoes multiple transformations between creation and final storage placement, creating windows of vulnerability that attackers can exploit. Without proper oversight during these transitions, malicious code can embed itself within data before it reaches supposedly secure storage systems. 

"One of those areas that was really missing was that lifecycle the data all the way from it being created to being put in storage." 

Cyber storage technology addresses this gap by extending security controls throughout the data lifecycle. This approach provides security teams with visibility into storage environments while adding protection at the data level itself. The technology scans and cleanses data during the storage preparation process, ensuring that only verified clean data enters backup and archival systems. 

The benefits extend far beyond initial protection. Organizations implementing cyber storage report faster recovery times and greater confidence in their backup integrity. When ransomware strikes, teams can restore from storage systems knowing their data hasn't been compromised at the source. 

Many organizations already possess cyber storage capabilities within their existing infrastructure. Storage vendors have been incorporating security features into their products for several years, often without security teams realizing these capabilities exist. The challenge lies in identifying these features and integrating them into security strategies through collaboration between security and IT teams. 

Third-party solutions also provide cyber storage capabilities for organizations whose current infrastructure lacks these features. These tools can integrate with existing storage systems to provide the scanning and verification processes needed to ensure data integrity throughout the storage lifecycle. 

Unstructured Data for AI Adoption 

Organizations implementing AI systems face significant challenges in preparing their data repositories. The rush to deploy AI solutions often overlooks the security implications of feeding unprotected or improperly classified data into learning models. 

Data governance forms the foundation of secure AI implementation. Organizations must establish clear policies for data classification, retention, and access control before deploying AI systems. Poor data governance leads to security breaches, compliance violations, and exposure of sensitive information through AI interfaces. 

The scope of the challenge becomes clear when examining data retention practices. Many organizations maintain policies they don't actively enforce, leading to accumulations of old unprotected data. Companies often discover decades-old data from acquisitions and mergers that was never properly classified or secured. This legacy data poses risks when fed into AI training models. 

Unstructured data comprises 75-80% of most organizations' data assets, yet many companies lack visibility into what they possess. Data sprawl occurs when developers copy information to new environments without maintaining security classifications, creating shadow data repositories that can feed into AI systems. Without proper inventory and classification, sensitive information can inadvertently train AI models that later expose this data to unauthorized users. 

"If you look at unstructured data, it makes up somewhere between 75 to 80% of our data. And in a lot of cases for some organizations, they don't know what they have."

Data Security Posture Management (DSPM) tools provide the automated discovery and classification capabilities organizations need to prepare for AI adoption. These tools can identify sensitive data across multiple environments and maintain visibility as data moves through systems. DSPM solutions have evolved from manual, time-intensive processes to automated platforms that can scan petabytes of information and apply appropriate classifications based on content analysis. 

The classification process must account for data lineage and context. Information that appears benign in isolation may become sensitive when combined with other datasets. AI training processes often aggregate multiple data sources, creating new privacy and security considerations that traditional data classification approaches may miss. 

Organizations should implement data minimization strategies as part of their AI preparation process. Rather than feeding all available data into training models, companies should carefully curate datasets to include only information necessary for specific AI objectives. This approach reduces exposure risks while improving AI model performance through higher-quality training data. 

The consequences of inadequate data preparation can be severe. AI systems trained on improperly classified data may expose sensitive information to unauthorized users, creating compliance violations and security breaches that could have been prevented through proper data preparation. These incidents can result in regulatory fines, loss of customer trust, and competitive disadvantage. 

 

The Importance of Effective Communication Between CISOs and Other Organizational Stakeholders 

The CISO role has undergone significant transformation, particularly regarding visibility with senior leadership. Regulatory changes, including SEC requirements, have increased board-level engagement with cybersecurity topics, creating new opportunities for security leaders to influence business strategy. 

This increased visibility requires new skills beyond technical expertise. Security leaders must develop communication abilities that translate technical concepts into business language and demonstrate how cybersecurity initiatives support organizational objectives. The transition from technical expert to business communicator represents one of the most challenging aspects of modern CISO responsibilities. 

Many CISOs struggle to connect security activities with business value. They view security measures as standard practices rather than business drivers, missing opportunities to position cybersecurity as a competitive advantage or growth driver. This perspective limits their ability to secure adequate budgets and organizational support for security initiatives. 

The solution involves reframing cybersecurity communications to emphasize business impact. Security leaders must learn to articulate how their programs support revenue generation, cost reduction, and risk management in language that resonates with business stakeholders. This communication shift requires understanding business operations, competitive pressures, and growth strategies that extend far beyond traditional security concerns. 

However, security leaders shouldn't tackle this communication challenge alone. Marketing teams possess expertise in crafting messages that resonate with different audiences and can help security departments develop more effective communication strategies. Marketing professionals understand how to segment audiences, develop targeted messaging, and measure communication effectiveness. 

Professional marketing support can transform security communications from compliance-focused announcements to business-aligned messaging that demonstrates value and builds support. Marketing teams can help security leaders identify key stakeholders, understand their priorities, and craft messages that address their specific concerns and interests. 

The messaging strategy should recognize that different stakeholder groups have distinct information needs and communication preferences. Executives care about risk management and competitive advantage, while operational managers focus on productivity and efficiency impacts. End users want to understand how security policies affect their daily work and what support they can expect from security teams. 

For business peers, security teams should focus on how their programs support sales, marketing, and operational objectives. This messaging should demonstrate concrete ways cybersecurity helps other departments achieve their goals, such as enabling secure customer data handling that supports marketing campaigns or protecting intellectual property that maintains competitive advantages. 

End users represent the most important audience for security communications. Rather than viewing employees as security risks, organizations should position them as security assets and partners in protecting company resources. This perspective shift can dramatically improve security culture and employee cooperation with security policies. 

The communication transformation requires sustained effort and professional support. Organizations that invest in improving security communications report better stakeholder relationships, increased budget support, and improved security culture. These benefits extend beyond immediate security objectives to support broader business goals and organizational resilience. 

Further Reading 

Further information can be found within this research report from Gartner.