SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Flux result c10b3292 d959 4e72 b710 7305984eb19d
#
Data Protection
#
Hybrid Cloud
#
Digital Transformation

Survey finds organisations struggle to secure unstructured data

Wed, 1st Apr 2026
Author image
By Catherine Knowles, News Editor

A survey published by the Cloud Security Alliance found that many organisations are struggling to secure unstructured data. Commissioned by Thales, the study surveyed 210 IT and security professionals.

The findings highlight a gap between confidence and coverage. While 75% of respondents said they were confident in their ability to secure unstructured data, 68% said less than 80% of it was protected, and another 10% were unsure of their actual coverage.

Unstructured data includes documents, emails, chat records, images and other free-form files. These stores often contain personally identifiable information, financial records, intellectual property and legal documents, making them harder to govern consistently across cloud and distributed environments.

The survey found that unstructured data now makes up a significant share of corporate information. Respondents said it accounted for about 33% of enterprise data on average, while semi-structured data made up another 21%.

These formats are also driving growth. Nearly 29% of organisations said unstructured data represented more than half of their annual data growth, underscoring how quickly governance and security teams are being asked to manage larger volumes of information outside traditional structured databases.

Visibility Gaps

A central problem identified in the study is limited visibility into where data sits and how it is classified. More than half of respondents, 56%, said they had only partial visibility into where their data was stored.

That matters because respondents ranked security, governance, privacy and compliance among their main concerns. Yet many organisations still struggle with basic controls, including sensitive data protection, access monitoring and classification scanning.

The results suggest a structural challenge rather than a simple tooling gap. Nearly a third of respondents, 32%, said they use 11 or more tools to manage unstructured data, and 12% rely on at least 21.

The most commonly used categories were data encryption tools, cited by 62% of respondents, cloud security tools at 60%, application security tools at 59%, and identity and access management tools at 56%. That spread points to fragmented ownership and manual processes that can make security programmes harder to scale.

AI Concerns

The survey also found that artificial intelligence is reshaping how organisations assess risk around unstructured data. Respondents saw AI as both a future threat and a potential security tool, with 47% identifying it as a top future threat and 40% seeing it as part of the solution for detection, classification and automation.

Those ambitions sit alongside weak foundations in many organisations. Only 9% of respondents said they had real-time scanning for unstructured data, while 23% said they could not scan it at all.

That leaves companies in a position where AI systems may operate on incomplete or poorly understood datasets. In practice, the report suggests, AI could deepen existing blind spots if businesses do not first improve visibility and control over the underlying data.

Hillary Baron, AVP of Research at the Cloud Security Alliance, said the expansion of unstructured information has become a defining feature of modern organisations.

"The explosive growth of unstructured data-estimated by Gartner to account for between 70% and 90% of enterprise data-has become a defining characteristic of modern organizations. While it enables significant operational value, it also introduces substantial security risk. What is clear from this study is that as unstructured data continues to expand and spread across environments, many organizations are struggling to keep pace with the visibility, governance, and protections needed to manage it securely," Baron said.

The report frames the issue as one of operational strain across large business information estates, especially as data moves between cloud platforms, collaboration tools and automated systems. It also reflects concern that many organisations understand the risks in theory but have yet to put controls in place that match the scale and spread of the data they hold.

Todd Moore, vice president of Thales Data Security, said current governance models were not built for the pace and spread of data creation and sharing.

"As the CSA research highlights, today's organizations are generating and sharing unstructured data at a pace that traditional tools and governance models were never designed to handle. This puts them at a critical point of failure, where inconsistent and manual approaches can no longer keep up with the volume, velocity, and distribution of data across cloud, collaboration platforms, and AI-driven environments. Without addressing these gaps, AI, automation, and emerging technologies like post-quantum cryptography will only increase exposure. Establishing a unified, scalable approach to securing unstructured data is now an operational imperative," Moore said.

Related stories
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching
IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
How Atomgate uses education and partnership to drive successful SonicWall upgrades

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding