CyberDefenseMagazine

Why data protection matters more than ever in 2026


Data has become one of the most valuable assets for modern businesses, and in turn one of the most attractive targets for cyber criminals. Nearly half of UK organisations experienced a cyber attack last year, and the threat landscape continues to intensify. As technology advances, attackers gain more sophisticated tools, while the growth of AI and shadow IT introduces fresh risks from both outside and inside organisations. Data Protection Day is a timely reminder that safeguarding information must remain a business priority.

The consequences of data breaches extend well beyond operational disruption or financial loss. Customers and employees place trust in organisations to protect their personal information, and that trust can be quickly undermined. Although the challenges are significant, with the right focus and investment, businesses still have time to strengthen their defences and respond with confidence.

AI is rapidly becoming intertwined with all aspects of cyber, and data protection is no exception. As discussed by Bertijn Eldering, Associate Sales Engineer, HackerOne, AI can be seen as both a challenge and a catalyst: “As organisations integrate AI into products and operations, their attack surfaces expand. While AI is enhancing the precision and speed of security researchers, we also see that these tools will empower bad actors to up their game as well.” Eldering stresses the importance of “combining human ingenuity with AI capabilities”, as together these help to create a more resilient and proactive defense against threats.

Stephan Badesha, CISO, Node4, also recognises how AI is intensifying the challenge of data being a prime target for cyber criminals: “AI is no longer an emerging issue, it is a frontline security concern. As employees increasingly adopt AI tools in their daily work, organisations must be aware of the growing risk of ‘shadow AI’. Unregulated use can introduce data leakage, governance gaps, and security blind spots, particularly in hybrid and distributed working environments. The path forward is clear. Businesses must establish practical guardrails for AI use, embedding security, privacy, and accountability from the outset. True cyber resilience is built on a combination of technology, people, and process working together.”

With threats constantly growing, businesses must not only follow all regulation and compliance guidelines, but also use them as a baseline on which to build further security. JP Cavanna, Director of Cyber Security, Six Degrees, explains that GDPR was first introduced to modernise data protection and raise expectations around how personal data is handled, yet serious data breaches continue to happen.

He adds: “Ongoing reports of organisational data leaks show that formal compliance alone does not prevent harm, nor does it rebuild trust once data is exposed. Regulation simply defines minimum standards; protection is shaped by the true everyday behaviour inside organisations. Strong data privacy depends on an informed and confident workforce. Data Protection Day should prompt organisations to look beyond basic safety checklists. They must invest in people, simplify technology, and treat regulatory frameworks, including GDPR, as foundations that support a broader, evolving approach to protecting personal data.”

Along with thinking about following regulations, organisations must also make sure that their infrastructure is set up as securely as possible. “Keeping data on-prem, closer to where data is being generated and managed, gives organisations greater visibility and control over how information is stored, accessed and protected”, says Bruce Kornfeld, Chief Product Officer, StorMagic.

“This is especially relevant as regulations evolve and as more data is generated at distributed and edge locations”, Kornfeld continues. “When data stays closer to where it is created and used, IT teams can more consistently enforce security standards, reduce exposure and respond quickly when issues arise. Infrastructure decisions should support privacy by design and reduce operational risk across all environments, helping organisations protect sensitive information and maintain trust as their IT environments continue to change.”

Terry Storrar, Managing Director, Leaseweb UK, also highlights how data privacy is now increasingly driven by technical and architectural choices. He explains: “Many organisations are rethinking the assumption that the largest global provider is automatically the safest and most secure choice for their data. Instead, they divert toward regional, sovereign, and dedicated infrastructure models. These strategies are gaining traction because they keep sensitive data and intellectual property within clear legal jurisdictions and under known governance frameworks. When geography, governance, and infrastructure are aligned from the start, managing privacy becomes significantly simpler and more reliable.”

Businesses need to think not only about protecting data, but also about how that data can be recovered if it is compromised. Traditional reliance on backups alone is no longer enough, believes Mark Molyneux, Field CTO North Europe at Commvault: “Recovery does not stop with data. Restoring identity services and the applications that depend on them is often the most time consuming and business critical task. What was once a manual and risky process can now be streamlined through modern automation, enabling Active Directory and core systems to be assessed and validated or cleaned in an isolated recovery environment. This significantly reduces recovery times and helps organisations regain control faster. This is the essence of true cyber resilience – the ability to recover safely, maintain trust in identity systems and keep the business running even in the face of a crisis.”

As these experts reveal, strong security remains the cornerstone of effective data protection. While organisations continue to adopt AI and navigate an evolving regulatory landscape, they must ensure their infrastructure is resilient enough to support these changes safely. Technology, regulation, and innovation can only deliver real value when underpinned by robust security practices. By prioritising protection at every level, businesses can safeguard sensitive data and position themselves to face emerging threats with confidence.


