Data is the backbone of modern businesses, supporting daily operations and informing key strategic decisions. As we move further into the digital age, the value of this data will continue to grow exponentially. Unfortunately, cyber criminals understand all too well the importance of data to businesses, and it is frequently the target of an attack. Almost half of all UK businesses came under fire last year, and with digital infrastructure becoming increasingly complex, attack surfaces will only grow.
Furthermore, as employees shift between office work and remote, businesses must be aware of the dangers presented by shadow IT – external technologies that could introduce unforeseen vulnerabilities to an otherwise secure network. Data Protection Day serves as a timely reminder that cybersecurity must become a core business priority in order to protect data that is not only vital to operations, but to maintaining trust with partners and customers too.
The question is clear – how can businesses protect their data in the face of an increasingly hostile environment?
Keeping data secure
Protecting data requires organisations to have stringent cybersecurity, think carefully about where their data is stored and ensure they have strong policies in place surrounding it. For Terry Storrar, Managing Director, Leaseweb UK, “data privacy is no longer an abstract compliance or policy issue. Instead, it is increasingly driven by technical and architectural choices. With more businesses investing deeply into cloud and AI technologies, where data lives, how it is isolated and who controls the underlying systems determine whether privacy can be upheld or not. This highlights a fundamental shift in how privacy is approached, moving it from contractual assurances to verifiable technical controls.”
“Protecting sensitive information requires consistent discipline, not just policies,” explains Bruce Kornfeld, Chief Product Officer at StorMagic. “This discipline starts with infrastructure choices. As organisations continue to evaluate cloud-first strategies, many are also reassessing where their most critical data should live. For workloads that demand predictable performance, strong governance and clear ownership, on-site infrastructure continues to play an essential role in a sound privacy strategy.
“Keeping data on-prem, closer to where data is being generated and managed, gives organisations greater visibility and control over how information is stored, accessed and protected. This is especially relevant as regulations evolve and as more data is generated at distributed and edge locations. When data stays closer to where it is created and used, IT teams can more consistently enforce security standards, reduce exposure and respond quickly when issues arise.”
Harnessing the power of AI
Protecting business data has never been an easy ask, and now “the challenge is intensifying with the rise of Artificial Intelligence”, according to Stephan Badesha, CISO at Node4. He adds: “AI is a powerful force multiplier for defenders, enabling faster threat detection, accelerated incident response, and improved visibility across complex environments. At the same time, it is being actively exploited by attackers to scale phishing campaigns, generate convincing social engineering, and create deepfake voice and video fraud. AI is no longer an emerging issue, it is a frontline security concern.”
For many security teams, staying ahead of this new threat means taking advantage of AI themselves. Bertijn Eldering, Associate Sales Engineer at HackerOne points out that “as cyber threats grow in complexity, especially with AI in the mix, we’re seeing a clear shift: security leaders are embracing offensive security strategies like bug bounty and AI Red Teaming engagements to stay ahead of risk.
“That’s the power of combining human ingenuity with AI capabilities – together, they create a more resilient, proactive defence. When paired with a crowdsourced approach, this strategy doesn’t just respond to threats; it continuously surfaces the exposures that matter most, helping you stay ahead in the race.”
In this new, more complex threat landscape, it’s also important that organisations consider their strategy for when the worst happens. As Mark Molyneux, Field CTO North Europe at Commvault explains, “traditional reliance on backups alone to recover data is no longer enough.”
He adds: “Cybercriminals have adapted; embedding malware into backups or using sleeper ransomware that activates after restoration, or simply destroying or encrypting backups to prevent recovery altogether. ResOps pushes businesses to think about the bigger picture and ensure that all recovered data and systems are truly clean, not just seemingly so. AI and automation are making this possible with the latest technology able to detect threats across Active Directory and log and flag any changes automatically. Its ability to also rollback unwanted changes at speed, before they impact entire systems, can provide IT leaders with the support they need to keep their organisations safe and accessible.”
A priority – not a compliance tick box
It’s clear that protecting data is a complex and difficult task. However, it remains vital if businesses don’t want to risk huge financial and reputational damage.
JP Cavanna, Director of Cyber Security, Six Degrees points out that “GDPR was introduced to modernise data protection and raise expectations around how personal data is handled. Eight years on, serious breaches continue to surface.
“However, continuing reports of organisational data leaks show that formal compliance alone does not prevent harm, nor does it rebuild trust once data is exposed. Regulation simply defines minimum standards; protection is shaped by the true everyday behaviour inside organisations.
He concludes, “Data Protection Day should prompt organisations to look beyond basic safety checklists. They must invest in people, simplify technology, and treat regulatory frameworks, including GDPR, as foundations that support a broader, evolving approach to protecting personal data.”
