53% of security teams lack continuous and up-to-date visibility

Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security.

The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving them vulnerable to data breaches and compliance failures. The research also documents a significant shift in security roles, with nine in 10 professionals surveyed reporting their responsibilities have evolved in the past year, most notably in data governance and AI oversight.

The data visibility problem

82% of cybersecurity professionals report gaps in finding and classifying organizational data across production, customer and employee data stores. 53% of security teams lack continuous and up-to-date visibility, with most requiring days or weeks to identify and locate sensitive data assets, increasing risk at a time when the average cost of data breach has grown to nearly $5 million.

“Organizations now generate, copy and store data across multiple environments — including IaaS, PaaS and SaaS — creating numerous blind spots,” said Bruno Kurtic, CEO at Bedrock Security. “This survey shows this problem is widespread and likely getting worse.”

76% of organizations say they cannot produce a complete data asset inventory within hours when needed for compliance or security incidents. This timing gap is concerning when compared to the speed at which modern threat actors typically operate, with industry observations indicating adversaries can begin moving laterally through networks within hours of initial breach.

65% need days to accomplish this task, while 11% require weeks or longer — timeframes that prove dangerous during actual security incidents and slow down productivity for AI application deployments.

“When we ask security teams how quickly they can identify the most foundational information about their data, such as who accessed specific sensitive data in the last 30 days, the numbers are equally concerning,” added Kurtic. “In the survey, 63% claim they can do this within 24 hours, meaning more than a third of organizations lack timely visibility into who’s accessing their most sensitive information.”

Security pros report job shifts toward data and AI

Data visibility challenges are accelerating a dramatic transformation in security responsibilities, with 86% of professionals reporting changes in their role over the past year as data security duties expand beyond traditional boundaries.

Only 11.5% report their job responsibilities remained unchanged, highlighting a widespread shift in security functions. 68% increased focus on infrastructure security while simultaneously taking on new data-centric responsibilities. Across all survey respondents, almost 59% added new AI data responsibilities in the past year.

Broken out by role:

• CISOs/CSOs/CTOs: Almost 70% of these respondents have taken on new data discovery responsibilities, specifically for AI initiatives
• Security managers/directors: 55% of these respondents added data governance duties for AI training
• Security engineers/architects: 52% of these respondents have new AI data discovery responsibilities

Most organizations can’t track what data feeds their AI systems

48% of organizations express high confidence in controlling sensitive data used for AI/ML training. This lack of control creates serious risks for data leakage, compliance violations and reputational damage.

Security teams reported these top four AI security hurdles:

• Struggle to classify sensitive data used in AI/ML systems (79%)
• Cannot ensure AI systems respect proper data access rights (77%)
• Trouble tracking what data feeds their AI systems (64%)
• Difficult to enforce policies on training data usage (57%)

The survey found that security responsibilities have expanded significantly due to AI. 59% of security professionals now have new AI data discovery responsibilities, and 54% added AI training data governance duties in the past year.

Organizations see the following specific benefits from a metadata lake:

• 84%: Current, accurate data inventory across all systems and data sets
• 78%: Better data awareness for security tools
• 75%: Enhanced security tool power through data sensitivity awareness
• 59%: Data usage information for non-security needs (cost management, deduplication)

Top barriers to effective data security

82% of respondents blame complex environments with multiple clouds and data stores for their challenges. 76% cite a lack of automation, which requires too much manual work.

75% report that their tools cannot handle current data volumes. 66% say they lack the people and processes needed for proper analysis and, 62% struggle with managing different data types, including structured, semi-structured, and unstructured data.

The research uncovered notable differences in how security leaders at various organizational levels approach data security.

CISOs/CSOs/CTOs: CISOs place significantly higher priority (83%) on AI data usage governance than other security needs and express the most concern (72%) about discovering data used in AI initiatives. To address these challenges, CISOs show the strongest belief in metadata lake solutions, with 97% rating such technology as either “critical” (36%) or “very valuable” (61%) for solving their data visibility and AI governance issues.

Security managers/directors: These mid-level leaders split their focus between AI governance (71%) and policy enforcement (66%) across environments. They report the lowest confidence (46%) in controlling data used for AI training compared to other roles, and the largest percentage (5%) with low or no confidence in this area.

Security engineers/architects: Technical practitioners worry most about AI systems understanding data access rights (83%), reflecting their hands-on work with entitlement management. Engineers report the highest ability to track sensitive data, with 39% able to identify over 75% of sensitive data across environments (compared to 20% of CISOs).

“These differences highlight how each role experiences data security challenges through their specific job responsibilities,” said Kurtic. “But all groups agree on the need for security, development and data engineering teams to collaborate around a single source of truth for data context in the enterprise — a unified solution for data security and data management challenges.”

Without a metadata lake to drive unified data discovery, classification and governance capabilities, the research shows that organizations will continue to struggle with securing their sensitive information — particularly as AI adoption accelerates.

Looking ahead, organizations:

• will focus on AI/ML data usage governance (70%)
• aim to strengthen policy enforcement across cloud environments (64%)
• want more accurate data classification (58%)
• plan to improve security tools with better data awareness (53%)
• will increase infrastructure security focus (68%)

“These priorities show a clear shift toward data-centric security,” said Kurtic. “Organizations recognize they must know what data exists, where it lives, who can access it and how sensitive it is to protect it properly across their entire IT environment, including AI/ML, cloud and infrastructure security.”