Ensuring Data Security in the Age of AI
Organisations across Australia and New Zealand (ANZ) face unprecedented challenges in managing and securing their most valuable asset — data. What we’re hearing is that data is the new gold — valuable, worth hoarding, and something to be mined for insights. But it could also be viewed as uranium: powerful but potentially dangerous, requiring careful handling, and something you only want to keep in the amounts you absolutely need.
As organisations increasingly rely on AI to drive innovation and efficiency, they must also address the unique security challenges that come with it. In 2024, 95% of organisations faced challenges in AI implementation, primarily due to data readiness and information security. Organisations most vulnerable to attacks often hold years of accumulated data — every piece of data you store is a potential target for cyberthreat or insider risk.
Managing vast amounts of data requires robust lifecycle management and ensuring compliance with legislative requirements like Public Records Acts, Australia's Privacy Act 1988, New Zealand’s Privacy Act 2020, and industry-specific regulations like Australian Prudential Regulation Authority (APRA). Organisations must adopt proactive data security posture management (DSPM) to safeguard sensitive information and mitigate risks.
This blog covers a new approach to information security that addresses the unique challenges presented by AI technologies.
The Critical Intersection of Data Security and Information Management
According to Forrester, 60% of Asia Pacific firms will localise AI with regionally trained language models reshaped by diverse customer needs, regulatory challenges, and linguistic barriers. Organisations with a more mature information management strategy are 1.5x more likely to realise the early advantages of AI implementation compared to those with a less robust approach. Information management provides the foundation for effective data security by establishing policies, procedures, and systems for creating, using, sharing, and disposing of information assets.
In fact, the Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches Report Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2023-2024 received 527 data breach notifications from January to June 2024, the highest number of notifications received in three and a half years. Malicious and criminal attacks were the primary source of breaches (67%), with 57% of those being cybersecurity incidents. This highlights the increasing reliance on digital tools and the sophistication of cybercriminals using emerging technologies like AI to bypass traditional defence measures.
In addition, the regulatory requirements under the upcoming Privacy Act reforms in ANZ impose strict obligations to protect against data breaches. Here are some key changes in Australia’s Privacy Act reforms responding to growing digital privacy concerns and aligning with international standards:
- Increased penalties: Significantly higher fines for serious privacy breaches (up to 10% of annual turnover)
- Expanded definition of personal information: Explicitly includes technical data and online identifiers
- Stricter consent requirements: Demands clear, specific, and timely consent for data collection
- Enhanced individual rights: Includes broader rights to access, correct, and delete personal information
- Mandatory data breach notification: Tighter timelines and reporting requirements
- Privacy by design: Requires embedding of privacy protection in systems and processes from inception
New Zealand has similarly updated its Privacy Act framework, building on the 2020 Privacy Act reforms with additional measures:
- Strengthened cross-border data protection: Implements new restrictions on international data transfers
- Additional regulatory powers: Expands authority for the Privacy Commissioner
- New risk assessment: Mandatory evaluations for high-risk data processing activities
- Enhanced accountability measures: Includes more detailed record-keeping requirements
ANZ organisations must now review and update privacy policies, data collection practices, and security measures to ensure compliance with the stricter requirements. This underscores the intrinsic link between AI and data security, highlighting why information management matters.
Managing Data Sensitivity in AI Environments
Today’s customers and workforce expect security by design. AI systems process vast amounts of sensitive data, from personal information to confidential business intelligence. We’ve seen large-scale data breaches with organisations like MediSecure, an Australian health organisation that holds sensitive medical information and dispenses e-prescriptions. The breach affected nearly half of the Australian population, and the company had to seek government assistance to manage its affairs, assets, and liabilities.
The incident reinforces the potential impact of cyberattacks that go beyond privacy concerns and financial implications. Targeting a healthcare sector that provides essential and time-sensitive services in which downtime can cause operational disruption is a stark reminder that no organisation is immune. It’s not a question of “if” but “when.”
As AI systems become more sophisticated, so must business strategies to protect sensitive information. Effective DSPM enables organisations to:
- Identify and classify sensitive data across all storage locations
- Apply appropriate security controls based on data sensitivity
- Monitor access patterns and detect anomalies
- Enforce compliance with regulatory requirements
- Automate security responses to potential threats
By implementing DSPM solutions, ANZ organisations can gain visibility into their sensitive data landscape and proactively address security risks before they result in breaches.
Emerging Security Roles and Continuous Conversations
The rise of AI has introduced new security roles within organisations. These roles focus on analysing risk exposure and managing data security without making changes like adding tags or modifying permissions. Security leaders must prioritise resilient data security to prevent data loss or breaches, leveraging new tools and technologies to gain a deeper understanding of the risks within their organisation. These specialists analyse risk exposure across AI systems focusing on evaluating AI model vulnerabilities, developing AI-specific security policies, and coordinating response to AI security incidents.
As the threat landscape constantly evolves, organisations must engage in continuous security conversations to stay ahead of potential risks. This involves regularly assessing the security posture, identifying risk acceptance criteria or tolerance levels, and reallocating resources for security initiatives and compliance with evolving regulatory requirements. By fostering a culture of security, organisations can ensure that their AI initiatives are resilient and beyond secure.
For executives in ANZ organisations, these new security capabilities are not merely a cost centre but a strategic investment. By maintaining continuous dialogue around security concerns, organisations can develop a shared understanding of risks and align security initiatives with broader business objectives.
Automating Data Security for Scale and Efficiency
Manual approaches to data security cannot keep pace with the volume of data in AI environments. Automation has become essential for effective protection. According to Cybersecurity Ventures, there has been a 35% increase in the adoption of advanced threat detection tools. Gartner also predicted that 70% of organisations will have integrated AI-driven threat intelligence systems by 2025, enhancing their ability to identify and mitigate threats before they manifest into major incidents.
Organisations can run risk assessments to identify who has access to sensitive data, whether they have accessed it, and if any external entities pose a threat. By aggregating highly exposed content with sensitive information types, organisations can present a heatmap of at-risk data across their systems. This enables rapid and efficient resolution of data visibility concerns, ensuring that sensitive information is protected.
These automated capabilities allow security teams to focus on strategic initiatives rather than routine monitoring, significantly enhancing operational efficiency.
Strengthening Data Security Through Quality and Governance
AI systems rely on accurate and up-to-date data to generate meaningful insights. However, outdated or obsolete data can lead to incorrect recommendations and decisions. Organisations must automatically identify and act on outdated content to maintain the accuracy of AI recommendations. This involves archiving or deleting obsolete data and ensuring that AI systems have access to high-quality, relevant information.
According to Gartner, poor data quality costs organisations an average of $14.2 million annually, accounting for approximately 30% of security-related costs. To enhance data security, organisations should:
- Implement automated data quality checks.
- Establish clear data governance frameworks.
- Create metadata management systems.
- Develop lifecycle management policies.
By prioritising data quality and governance, organisations create a security foundation that significantly reduces their attack surface while enabling AI systems to operate within defined security parameters. This approach transforms lifecycle management from a support function into a strategic security asset directly contributing to the organisation’s cyber resilience.
A Holistic Approach to AI Data Security
As AI adoption accelerates across ANZ, security challenges will continue to change. Organisations that take a holistic approach – integrating information management, data sensitivity governance, and data readiness – will be best positioned to harness AI’s benefits while mitigating its risks.
The journey toward comprehensive data security in the age of AI requires ongoing commitment, investment, and adaptation. By prioritising these key areas, ANZ organisations can build the foundation for secure and responsible AI deployment.
Discover how AvePoint’s Confidence Platform can help your organisation implement robust data security and information management practices to support your AI initiatives.
Janine Morris is an experienced information management professional who helps organizations reduce information chaos and improve employee experience while meeting regulatory and compliance requirements. She holds a Master's degree in Information Management and her professional approach and passion have earned her solid recognition in the industry, including being recognized as a Membership Fellow (FRIM) and serving as a former board director and branch president of RIMPA Global.
