Trying to protect sensitive data was a major concern for the enterprise in 2021, and it will continue to be in the coming new year. Whether it be ransomware, a data breach, or a compliance fine associated with one of the new data regulations, the risk around an organization’s data is going to increase as its data consumption increases. Data incidents will be more common because organizations currently lack the ability to properly discover their potential data risks and organize their data to avoid those risks. 

Here are my top 2022 predictions impacting data protection strategies:

Data debt will be a primary culprit of security breaches: Organizations have data stored everywhere, from their latest SaaS application to their oldest desktop and everything in between. And while organizations have worked tirelessly to secure their perimeters and lock down rights and access, sensitive data remains unfound and unprotected. Minimizing this data debt’s security impact begins by viewing data as a threat surface and methodically mitigating that threat based on its relative value, volume, and vulnerability. In 2022, there will be many organizations, with millions of undiscovered and undetected risks across their data landscape, exposing their enterprises and their partners to significant damage.
 
Automated context-rich data classification will go mainstream: Every piece of data within your organization represents a unique combination of business value and level of risk. As data privacy concerns, cybersecurity threats, and compliance mandates gain intensity, the need for effective data classification is more urgent than ever. Classification systems help organizations set boundaries around data access, use, and modification, acting as a natural next step to protect data once discovery efforts are complete. But many organizations find the process challenging because the system is too cumbersome to gain widespread adoption. The sheer volume of data makes the concept of manual classification untenable and just getting started seems daunting. In the new year, organizations will need to start simple by focusing on automation to understand data value better.
 
Organizations will struggle to shift from the reactive “if” or “when” to the proactive reality of “how often” they’ll have to deal with data-related incidents: For years, vendors have said, “It’s not if you’ll be breached, it’s when.” The shift we are starting to see accelerate is organizations experiencing multiple incidents in a single year, and the types of incidents are expanding. This is a direct result of the ever-expanding data universe, accelerated by the global pandemic and the evolving regulations surrounding sensitive data. In 2022, organizations will begin planning to minimize the costs and business impacts as if they will experience three or four significant events a year vs. a singular “black swan”-type event. More breach management will be brought in-house and organizations will manage data risk much more actively.