Everyone Has Data Security Tools. Almost No One Can Follow the Data.
Cybersecurity Insiders surveyed 1,064 cybersecurity practitioners to measure the data protection gap between where sensitive data moves and where security can follow.
Free instant download · 18 pages · No registration required
%
operate eleven or more separate data security tools
%
are confident sensitive data is not flowing uncontrolled into AI
%
cannot reconstruct a sensitive data path before a 72-hour breach-notification deadline closes
Most security teams know where sensitive data is stored. Very few know where it goes, or what it becomes. As data moves across more environments, changes form, and enters AI workflows, security teams lose the context needed to enforce policy, investigate exposure, and prove what happened. Organizations have built coverage tool by tool, yet only 7% describe their stack as fully unified — so analysts rebuild the data path by hand, enforcement stays inconsistent, and evidence scatters across systems just when regulators ask for it.
Inside the report:
- Visibility: where tracking breaks as data crosses environments — only 7% can follow sensitive data moving between applications in real time
- Enforcement: why controls hold for files but miss AI — 53% govern file uploads, only 20% govern prompt and text submissions into AI tools
- AI governance: the policy-to-enforcement gap — 67% maintain an AI policy, just 8% enforce consistently in AI environments
- Evidence: what happens when regulators ask — only 12% can quickly produce a comprehensive chain of custody
- The path forward: a data security maturity matrix showing where progress is blocked, and the five moves that close the gap
Subscribe to Cybersecurity Insiders
Get new research reports and survey findings delivered to your inbox.













