The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

There is a perceptible shift in how risk is seen across the organization. Data integrity is no longer only about keeping data safe; it’s also about data trust. Organizations are asking themselves, “Can we trust our data?” In a new era shaped by AI-driven decisions, that question is difficult to answer, and it increasingly has operational significance. Even a minuscule change in training data can significantly increase the likelihood of inaccurate or harmful AI outputs. Organizations have built an operational framework where all decision-making, whether financial, operational, or strategic, is governed by data. Data distortion, therefore, becomes a very clear and present integrity problem. The Link Between Security and Curiosity While cybersecurity is about deploying security solutions to protect key systems, it’s also about understanding that data is the driving force of any system. We must understand the data flow, its source, the transformation it undergoes as it flows through systems; how it influences whatever it touches, and how it is consumed and enriched. For instance, sales data doesn’t exist in isolation but is integrated with marketing data, CRM profiles, pricing rules, etc., before being used by forecasting models. Curiosity ensures that people don’t inherently assume their data is valid and trustworthy. This matters because modern threats don’t focus on breaking systems alone, but on manipulating the data inputs these systems consume and leverage. Understanding What’s Normal Data integrity should be defined as what is normal and what is not. In modern environments, “normal” is dynamic and evolving. We see data being continuously updated to ensure it is current and relevant, reprocessed and shared across cloud platforms, synchronized tools, and third-party systems. As the organization grows its footprint across new business domains and markets, new data sources are introduced throughout its many pipelines. Such scenarios are ripe for compromised or corrupt data to blend in and become part of the expected pattern. Here, many detection strategies fall short. Tools can flag anomalies, but without a clear understanding of normal behavior, security teams are left reacting to symptoms rather than nipping root causes in the bud. The Multiplier Impact of AI Bad data has become even more dangerous in the age of AI. A machine learning system doesn’t question its input. It assumes the data it is training on reflects reality, and if the data is biased, incomplete, or tampered with, the system learns the wrong lessons but doesn’t fail. Models trained on flawed datasets produce skewed outcomes. In cybersecurity, the consequences are more dangerous. A detection model trained on compromised data may fail to detect threats and, over time, normalize them. Compounding this is the “black box” issue. Many AI systems offer decisions without clear explanations, making it difficult to trace errors back to their source. Data Governance Impacts Data Integrity The governance gap often impacts data integrity. In an organization, data access is restricted based on role and hierarchy. Access controls define who can view or edit data. But this is just in theory. In reality, data can be shared, duplicated, and modified across diverse teams and tools. Very often this happens without clear ownership. As data moves from one team to another, ownership gets murkier and murkier. It becomes difficult to determine which version is the source of truth. Even basic practices like data classification are inconsistently applied. Information labelled “confidential” is widely shared, while truly critical data remains insufficiently protected. This results in a slow erosion of trust. What we see is the line between trusted and compromised data is blurring quickly because of a lack of data governance. Roadmap for Ensuring Data Trust While organizations are securing systems with the best available security solutions, they are beginning to focus on what flows through them, which ultimately determines the ROI of the system, which is data. Irrespective of how the ‘application sprawl’ within an organization evolves, or how the infrastructure scales, or how tools are introduced, what remains constant is the data flowing through them. It is the very foundation of every decision, model and process. The focus is therefore not limited to protecting environments but preserving the accuracy, consistency, and trustworthiness of data as it moves through them. In practice, this means: Defining clear ownership for critical datasets to ensure accountability for accuracy and integrity, which doesn’t depend on assumptions, but is explicit. Not limiting user access to just data but also modification of data, which ensures changes are controlled, intentional, and traceable. Maintaining audit trails to track how data evolves over time, making it possible to identify when and where integrity may have been compromised. Treating certain sources as authoritative, reducing ambiguity around what constitutes the “source of truth.” Treating trust as a strategic advantage is the best foot forward in a world where data is seen as the most valuable asset. Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. Regulators are tightening expectations. Cyber insurers are demanding stronger controls. And organizations are realizing that decisions are only as good and reliable as the data behind them. Trust, therefore, becomes a key differentiator between organizations that can grow, innovate, and compete confidently and those that cannot. WRITTEN BY Steve Durbin Steve Durbin is Chief Executive of the Information Security Forum, an independent association dedicated to investigating, clarifying, and resolving key issues in information security and risk management by developing best practice methodologies, processes, and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000. More from Steve Durbin Four Risks Boards Cannot Treat as Background Noise Why We Can’t Let AI Take the Wheel of Cyber Defense Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses Cybersecurity Is Now a Core Business Discipline Follow Pragmatic Interventions to Keep Agentic AI in Check Beyond the Black Box: Building Trust and Governance in the Age of AI Latest News Censys Raises $70 Million for Internet Intelligence Platform Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks Venom Stealer Raises Stakes With Continuous Credential Harvesting TeamPCP Moves From OSS to AWS Environments CrewAI Vulnerabilities Expose Devices to Hacking Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption Exploitation of Critical Fortinet FortiClient EMS Flaw Begins StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Moderna has promoted Farzan Karimi to Deputy Chief Information Security Officer. Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne. Token has appointed Katy Nelson as Chief Revenue Officer. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email