AI didn’t just knock on the door — it kicked it in.
As organizations race to unlock value from data with GenAI, copilots, and agentic workflows, security teams are facing a familiar tension at an entirely new scale: how do you protect data without slowing the business down?
That was the heart of the conversation in our recent webinar, From Discovery to Action: The Security Playbook for Data Democratization at Scale, featuring Rick Holland, Data & AI Security Officer at Cyera, and Jennifer Glenn, Research Director for Information and Data Security at IDC.
While there were lots of interesting insights, here are the standouts that stuck with us.
1. How AI is Redefining Data Democratization and Security Challenges
The idea of democratizing data has been around for years. What’s different now is AI. AI demands more data, faster access, and broader availability — which means security teams are no longer just protecting crown jewels. They’re managing an ever-expanding universe of sensitive, semi-sensitive, and unstructured data that didn’t exist a few years ago.
Data democratization is about securing and enabling the business so it can get value from its data - safely, and at the speed of the business. Because if you can’t find or understand your data, how are you going to use it?
2. The Rising CISO Liability in Modern Data Privacy and Security
IDC research shared during the webinar paints a stark picture:
- 65% of CIOs and CISOs are responsible for remediating data privacy and security issues (Data Privacy Survey, IDC, March 2025).
They deploy the tools. They own the outcomes. And when something goes wrong, they’re the ones answering for it. Yet data itself is touched by everyone — from data scientists and developers to compliance, legal, HR, and marketing.
“You can have shared visibility, but the liability still lands on the CISO and CIO.”
— Jennifer Glenn
That imbalance is becoming unsustainable.
3. Solving the “Overstuffed Garage”: Managing AI-Generated Data Risks
One of the most memorable moments came from a CISO anecdote Jennifer shared:
“She described it as an overstuffed garage. We have so much data we’re responsible for — it’s expensive, it’s risky, and we don’t even know what’s valuable anymore.”
Organizations are holding onto data far longer than needed and it’s costly to store, hard to classify, even harder to secure, and often impossible to extract value from.
This problem only gets worse as AI generates more data — meeting recordings, transcripts, summaries, synthetic content — all of which become part of the organization’s risk surface.
4. Scaling AI Alignment: Bridging the Gap Between Security and Innovation
One of the most eye-opening data points from IDC (Data Security/Privacy Survey, IDC, April 2025) showed:
In 2024:
- 57% of security leaders felt somewhat aligned with the business on AI
- 36% felt completely aligned
But in 2025, those numbers changed:
- “Somewhat aligned” dropped to 48%
- “Completely aligned” dropped to 29%
And at the same time, companies stopped trying to block AI altogether:
“In 2024, 12% blocked public GenAI tools. In 2025? That number dropped to 1%. AI is here. It’s not going anywhere.” - Jennifer Glenn, IDC
Security teams aren’t saying no anymore — but they’re struggling to keep up.
5. Why Automated Data Classification Is the Foundation of AI Security
Everyone agrees classification is critical. Almost no one agrees it’s easy.
IDC research (Data Security/Privacy Survey, IDC, April 2025) shows:
- Companies feel confident about regulated data (PII, PCI, SSNs)
- But less than 50% feel confident they’ve mapped and protected their sensitive data
Why?
Because “sensitive” is contextual. Marketing, sales, legal, and HR all define ‘customer’ differently. Just agreeing on what the data is can be the hardest part.
And without high-confidence classification, enforcement falls apart.
6. Moving Beyond Visibility: Integrating DSPM with Automated Remediation
Discovery and DSPM tools are essential — but they’re not enough on their own.
“If you know where your risk is but can’t fix it, you’ve painted yourself into a corner.”
— Jennifer Glenn, IDC
Rick put it more bluntly:
“What I don’t need is another alert factory. If I can’t take action, risk doesn’t go down.”
Modern data security requires Discovery + Context + Automated, confident action
That’s the difference between knowing your risk and actually reducing it.
7. Scaling Security: Using Automation to Solve the Data Staffing Crisis
Despite growing complexity:
- 73% of organizations say they’re adequately staffed (Data Security/Privacy Survey, IDC, April 2025)
- Yet staffing is still the #2 challenge after cost (Data Security/Privacy Survey, IDC, April 2025)
The reality? We’re staffed for yesterday’s problems — not for where data security is going. This is driving consolidation, platformization, and a push toward tools that let small teams operate at massive scale.
Conclusion: Why Data Security Governance is a Shared Responsibility
The strongest theme of the webinar wasn’t technology — it was responsibility.
“Data is a unifier. Everybody has responsibility for it now — not just the security team.”
— Jennifer Glenn, IDC
AI has forced the issue. Data security can no longer live in silos, and CISOs can’t carry the liability alone. The organizations that win won’t be the ones that say “no” the fastest — they’ll be the ones that move securely, confidently, and together.
If you missed the live session or want to revisit the insights, watch the full webinar on demand — and start turning data discovery into decisive action today.
AI Data Security Frequently Asked Questions
1) Why is data democratization more challenging with AI?
AI demands more data, faster access, and broader availability, making it harder for security teams to manage sensitive and unstructured data effectively. This challenge necessitates advanced data classification tools and ai data security measures.
2) What is the liability issue faced by CISOs?
CISOs deploy tools and own outcomes, but when issues arise, they bear the liability despite data being handled by various departments. This situation underscores the need for comprehensive data security classification and compliance requirements management.
3) What is the 'overstuffed garage' problem in data security?
Organizations store excessive data, making it costly, risky, and difficult to classify and secure, especially with AI generating more data. This problem highlights the importance of effective data categorization and data classification benefits.
4) Why is classification foundational yet problematic?
Classification is critical but challenging due to contextual differences across departments, leading to difficulties in enforcement and protection of sensitive data. This issue emphasizes the need for robust data classification policies and HIPAA data classification strategies.
Get your AI security assessment
.svg)