5 minute read 26 Apr 2021
Group of entrepreneurs on a meeting during the pandemic

How to balance using data as an asset with privacy and security risks

Realizing the true value of data requires a shift in mindset and the integration of data risk into enterprise risk management frameworks.

In brief
  • Establishing a data-driven culture is a top priority for chief data officers (CDOs) and leads to positive business and customer outcomes.
  • Organizations with a strong data culture, can better manage the need to maximize value of data as an asset with potential data risks.

The world is on the move and within the financial services sector, banks, insurers, asset managers and pension funds are facing a set of common challenges as they transition from a technology-focused view to a business service view in relation to data. It amounts to a real fight in how organizations can better identify, share and derive value from the data they hold by adopting a new set of conditions, not least creating a collaborative “data culture” that extends throughout the business.

Establishing this culture requires working toward a data-literate staff and establishing data “trust” across the business in how data can be used. Certainly, the benefit of such a move is borne out by the experts who see the principal hurdle as being the need for businesses to face the challenge as one team.1

Working in silos is not unusual, but when it comes to data, it means that businesses lack a strategic focus, preferring instead to operate at a department level without anyone owning a holistic view of the importance and potential value of data across the organization. It means, therefore, missing out on the benefits that enterprise collaboration can bring.

Of course, it is tempting to lay the responsibility at the feet of the chief data officer, but a CDO juggles many responsibilities, from creating value (for example, improving the customer journey or building new products/services based upon data analytics) and harnessing the good that data can bring through to compliance (e.g., privacy and protection, financial irregularities) and managing risk.

It seems that once a CDO is hired, regardless of how small the associated resources and team, every data problem that crops up, however minor, falls into their lap.2 Put more simply: they get the problems and the challenges but not the budget.

What is immediately wrong with this mindset is it shows that the culture within organizations toward data is inherently “defensive” and not aligned with the new reality of recognizing and managing data as a valuable asset, crucial to the future success of the business. It demonstrates a negativity toward data based on a fear of getting it wrong, and falling foul of the appropriate regulatory authority, as opposed to a more forward-looking approach to data that enables corporates to transform business operations, inspire new product development, and revolutionize the customer experience.

Part of the historic challenge is that data risk has never been adequately defined. Perhaps it can be most easily understood as the risk of loss arising from the inability of the firm to manage, protect or create value from its data assets. 

Part of the historic challenge is that data risk has never been adequately defined. Perhaps it can be most easily understood as the risk of loss arising from the inability of the firm to manage, protect or create value from its data assets. While businesses are quick to recognize “downside” risks, they need to shift their focus from simply mitigating risk to fully embracing new upside opportunities to create value with data culture as a foundation.

However it is defined, it has never been seen historically as part of the wider enterprise risk framework, when it should (see diagram below for illustrative example). Neither has it been seen, holistically at least, as an opportunity rather than a threat. The emphasis has always been on the penalties, rather than the rewards.

Data Risk Diagram V2

Improving the quality of data, for example, and how it is managed drives better decision making and leads to better customer outcomes. Understanding how data can be used appropriately (i.e., understanding its original purpose and whether it can be used for other purposes) supports not only innovation and new product development, but also ensures customers are offered the right products at the right time, according to their need and profile. 

In all cases, certainly, failing to manage these risks correctly will do harm, but a much greater harm can be inflicted on a business by failing to recognize the potential value to be realized from the data it owns. Incorporating data culture risk in the enterprise risk framework acknowledges the importance of culture, behavior and mindset for the success of becoming a data-driven business.

According to Gartner, establishing a data-driven culture is ranked priority number one among surveyed CDOs. The CDO needs to act as the ultimate “connector” to “join up” the relevant teams, skills and knowledge. Businesses already have codes of conduct to promote desirable attitudes and behaviors; what is crucial is that similar attitudes and behaviors are embedded to increase data awareness and data literacy which in turn enables an organization to gain value from the data assets they hold.

So on the one side organizations should work on the integration of data risk in the enterprise risk management framework. Existing risks and mitigations need to be updated and new risks and data-driven mitigations, such as smart rules should be added to the framework to include all relevant data risks. The CDO needs total visibility of the risks and their status and needs to be in control of all risks related to data. The CDO also needs to be fully aligned with his/her C-suite colleagues to manage the risk and maximize the opportunity for the data they hold.

On the other side, they need to foster a data culture – a culture driven by a “collective conversation” that leads to positive behavioral change. This new culture and mindset will be key to driving the acceptance and adoption of all data-related solutions in an ethical manner within their organization, enabling them to break through the roadblocks that are preventing them from achieving real value. 


To be successful, organizations must build a true data culture and upgrade their enterprise risk management framework to mitigate all data risks.