Bedrock Security 2025 Index reveals visibility gaps in data security

A new survey from Bedrock Security reveals that 82% of cybersecurity professionals struggle with visibility into their organization’s data security, indicating significant vulnerabilities. The “2025 Enterprise Data Security Confidence Index” surveyed 530 cybersecurity professionals from organizations with over 1,000 employees across the U.S. The findings suggest that the increasing complexity of data environments, coupled with the rapid adoption of Artificial Intelligence (AI), intensifies these challenges.

The survey highlights that 90% of participants recognize the value of using a metadata lake to improve continuous data discovery and classification. However, over half of security teams (53%) lack consistent and timely visibility of sensitive data, with many requiring days or weeks to locate such assets. This opens up potential threats at a time when data breaches remain costly, with the average breach now estimated at $5 million.

According to Bruno Kurtic, CEO and co-founder of Bedrock Security, organizations are generating and storing data across various environments, resulting in increased blind spots and security risks. He noted that effective automation and visibility solutions are crucial to mitigate these risks and streamline operations.

As a response to the challenges identified in the survey, 86% of security professionals reported shifts in their roles over the past year, incorporating new responsibilities related to data governance and AI oversight. Almost 59% indicated new AI-related data responsibilities. However, only 48% feel confident in controlling the sensitive data used for AI Machine Learning (ML) training, exposing significant vulnerabilities to breaches and compliance issues.

Security professionals identified several barriers to effective data security, including complex environments and a lack of automation. Many expressed a desire for improved data awareness and better governance policies as they navigate the integration of AI in their operations.

The findings underscore the necessity of a unified approach to data security, particularly as organizations continue to grapple with evolving landscapes and increased data complexities.