Data risk is everywhere: 5 steps to manage it : PwC

Data risk is everywhere: 5 steps to manage it : PwC Skip to content Skip to footer Featured insights Capabilities Industries Technology About us Careers More

Search Menu

Featured insights Featured insights 2026 Global Digital Trust Insights Survey Board governance issues C-suite insights Case studies Policy on Demand Podcasts PwC Executive Pulse Tech Effect Viewpoint Webcasts All Research and insights Menu

Featured insights 2026 Global Digital Trust Insights Survey Menu

Featured insights Board governance issues Menu

Featured insights C-suite insights Board of directors Chief AI Officer (CAIO) Chief Executive Officer (CEO) Chief Financial Officer (CFO) Chief Information Officer (CIO) Chief Information Security Officer (CISO) Chief Marketing Officer (CMO) Chief Operating Officer (COO) Chief Risk Officer (CRO) Controller Corporate development Legal officer Sustainability leader Tax leader Menu

Featured insights Case studies Menu

Featured insights Policy on Demand Menu

Featured insights Podcasts Menu

Featured insights PwC Executive Pulse Menu

Featured insights Tech Effect Menu

Featured insights Viewpoint Menu

Featured insights Webcasts Menu

Featured insights All Research and insights

Featured

America in motion Executive leadership hub - What’s important to the C-suite? Menu

Capabilities Capabilities Audit and Assurance Alliances and ecosystems Artificial Intelligence (AI) Board governance issues Consulting Cybersecurity, Risk and Regulatory Deals Digital assets and crypto Digital assurance and transparency Engineering & AI Enterprise Strategy Financial Markets & Real Estate Finance and Accounting Financial statement audit Front Office Managed Services Metaverse Operations PwC Private Risk Modeling Services Sustainability and ESG Tax services Workforce All capabilities Menu

Capabilities Audit and Assurance Menu

Capabilities Alliances and ecosystems Adobe Amazon Web Services Google Guidewire Microsoft Oracle Salesforce SAP Workday All alliances Menu

Capabilities Artificial Intelligence (AI) Menu

Capabilities Board governance issues Menu

Capabilities Consulting Menu

Capabilities Cybersecurity, Risk and Regulatory Menu

Capabilities Deals Menu

Capabilities Digital assets and crypto Menu

Capabilities Digital assurance and transparency Menu

Capabilities Engineering & AI Menu

Capabilities Enterprise Strategy Menu

Capabilities Financial Markets & Real Estate Menu

Capabilities Finance and Accounting Menu

Capabilities Financial statement audit Menu

Capabilities Front Office Menu

Capabilities Managed Services Menu

Capabilities Metaverse Menu

Capabilities Operations Menu

Capabilities PwC Private Family enterprises Law firms Private equity and portfolio companies Ultra high net worth individuals US inbounds Menu

Capabilities Risk Modeling Services Menu

Capabilities Sustainability and ESG ESG reporting Sustainability strategy Sustainable technology and digital Menu

Capabilities Tax services Menu

Capabilities Workforce Menu

Capabilities All capabilities Menu

Industries Industries Aerospace and defense Asset and wealth management Automotive Banking and capital markets Chemicals Consumer markets Consumer packaged goods Energy Energy and industrials Engineering and construction Financial services Gaming Health industries Health services Hospitality and leisure Industrial manufacturing Insurance Media Medical technology Pharmaceutical and life sciences Power and utilities Private equity Real estate Restaurants, wholesale and agriculture Retail Space Sports Technology Technology, media and telecommunications Telecommunications Travel, transportation and logistics Menu

Industries Aerospace and defense Menu

Industries Asset and wealth management Menu

Industries Automotive Menu

Industries Banking and capital markets Menu

Industries Chemicals Menu

Industries Consumer markets Menu

Industries Consumer packaged goods Menu

Industries Energy Menu

Industries Energy and industrials Menu

Industries Engineering and construction Menu

Industries Financial services Menu

Industries Gaming Menu

Industries Health industries Menu

Industries Health services Menu

Industries Hospitality and leisure Menu

Industries Industrial manufacturing Menu

Industries Insurance Menu

Industries Media Menu

Industries Medical technology Menu

Industries Pharmaceutical and life sciences Menu

Industries Power and utilities Menu

Industries Private equity Menu

Industries Real estate Menu

Industries Restaurants, wholesale and agriculture Menu

Industries Retail Menu

Industries Space Menu

Industries Sports Menu

Industries Technology Menu

Industries Technology, media and telecommunications Menu

Industries Telecommunications Menu

Industries Travel, transportation and logistics Menu

Technology Technology Alliances and ecosystems Delivery platforms Emerging technology Engineering & AI Products Tech-enabled services Tech Effect Menu

Technology Alliances and ecosystems Adobe Amazon Web Services Google Cloud Guidewire Microsoft Oracle Salesforce SAP Workday Menu

Technology Delivery platforms Concourse Sightline Menu

Technology Emerging technology Artificial Intelligence (AI) Digital assets and crypto Metaverse Responsible AI Web3 Menu

Technology Engineering & AI Menu

Technology Products Analytics Foundation Beacon Bookkeeping Connect Connected Solutions Enterprise Control Investor Survey Model Edge Next Level HR Profit Seeker Ready Assess Saratoga Risk Link View all products Menu

Technology Tech-enabled services Agile Commerce Carbon Ledger Culture Thumbprint Enhanced insurance analytics for Salesforce ESG Geospatial Climate Intelligence (GCI) Insights to Enablement Market Advantage Payer Advocacy Center Ready Command Shovel Ready Menu

Technology Tech Effect Menu

About us About us Alumni Analyst relations Investing in our people Newsroom Offices Our leadership Purpose and values Menu

About us Alumni Join the PwC Alumni Network Meet our alumni Menu

About us Analyst relations Menu

About us Investing in our people Menu

About us Newsroom Menu

About us Offices Menu

About us Our leadership Menu

About us Purpose and values Be Well, Work Well Environmental sustainability Inclusion Social impact

Featured

Tech Effect Menu

Careers Careers Why PwC Entry Level Careers Experienced Careers University Relations Menu

Careers Why PwC Benefits & Compensation The PwC Professional US Careers Podcast hub Menu

Careers Entry Level Careers Search opportunities Recruiting process Student Development Programs Advance Internship Military and Veterans Student programs quiz Menu

Careers Experienced Careers Search opportunities Contract opportunities Alumni Careers Military and Veterans Menu

Careers University Relations University Relations Faculty Newsletter

Featured

Shared success benefits Loading Results

No Match Found

View All Results Data risk is everywhere: 5 steps to manage it November 25, 2025 Share Copy Link Link Copied Close Check out the latest from our Data Risk series: NEW: Part 3
A framework for youth online privacy & safety: Keeping pace with regulation and innovation
Read now

Part 2
Beyond the back office: How to sustain data quality
Read now

Imagine trying to view the entire night sky by looking through a straw. It’s impossible. Yet for many business leaders, that’s how they view their organization’s data — in pieces and largely incomplete. These disparate, piecemeal views can prevent organizations from realizing data’s value and identifying underlying risks.

Many industry leaders already understand that data is foundational for an enterprise to function effectively, communicate, make strategic decisions and ultimately help drive revenue. The marketplace already expects companies to use data for those purposes — and to do so holistically, safely and wisely, with an articulated strategy. But it’s not often happening.

A chief data officer may be focused on data governance and quality. A chief financial officer may focus on reliable data to inform planning and decision-making. A chief risk officer may be concerned about data integrity and the accuracy of risk reporting. A chief information security officer may be concerned about classifying, encrypting and preventing the loss of sensitive data. A chief compliance officer may focus on data privacy and protection but also needs to think about how to marshal multiple departments together to help address various data management and compliance requirements. What these corporate leaders may be missing: Their siloed views mean that their data is functionally at a dead end. When it’s not incorporated into one ecosystem, data can undermine the foundation for business operations, transformation and growth.

That could mean anything from endangering large-scale migration from legacy systems, hindering the adoption of artificial intelligence (AI) capabilities, inhibiting the ability to expand a product portfolio, or diminishing reporting, intelligence and innovation. If data cannot be protected and collected in a safe manner, a lack of focus on these risks can also affect regulators and consumer trust.

48% of business executives say they're prioritizing data protection and data trust as their top cyber investment.

2025 Global Digital Trust Insights Survey Full stop: Data is a business imperative

There are signs that some industry leaders are starting to realize what’s at stake. In PwC’s 2025 Global Digital Trust Insights Survey, 48% of the business executives responding told us they’re prioritizing data protection and data trust investments over the next year, ahead of technology modernization and enhancement.

But if leaders understand data’s criticality and risks, why are they still falling short? Why do organizations still view data risk as a technology issue handled by the IT department, rather than an enterprise-wide business problem? Data risk is likely becoming everyone’s concern, no matter where they sit in the C-suite.

Those business leaders need a holistic strategy to help them align on the risks. Traditional data governance alone, while still important, is no longer enough.

Managing data risks and gaining an enterprise-wide view of data can require an elevated and more encompassing approach. Moreover, a company that executes its data strategy well may be on the receiving end of greater trust from stakeholders in the marketplace — be they regulators, consumers, investors or other companies.

Yes, data risk can be a complex business problem, but solving it doesn’t have to be. It starts by understanding data risk in its many forms.

1. Know what data risk really is 2. Go for overall (not some) visibility into your risks 3. Rally your teams and help build up their skills 4. Start (and keep) asking the right questions 5. Stop treating data risk as an afterthought 1. Know what data risk really is So, what exactly is data risk? At its core, data risk can be described as the exposure to financial or reputational harm caused by loss, limitations (e.g., inaccurate and poor data quality) and related issues to an organization’s ability to acquire, store, transform, move, protect and use its data assets.

While the concept of data risk is not new, the standards and expectations for mitigating risk to help maintain data quality and trust have only intensified in recent years due to many factors.

Stricter data compliance: There’s been a steady stream of global and state regulations — the Consumer Data Privacy Act, EU Data Act, California DELETE, Protecting Americans’ Data Act (PADFA) — that require businesses to prioritize data privacy or face potential legal consequences if they fail to comply. Accelerated cloud transformation: 72% of “top performers” surveyed in PwC’s 2024 Cloud and AI Business Survey are prioritizing data modernization and migration to the cloud. Integration of AI capabilities: In the same survey, 69% told us they’ve implemented cloud data modernization to power AI and help unlock insights for all areas of the business, from various data sources. Treat data risk as a business risk — otherwise, it can snowball quickly out of an IT silo into general business operations with unintended impacts. Here are some of the types of data risks that may be affecting your business.

Risk type Examples Business impact Data quality

• Data entry errors

• Technical errors

• Missing or misclassified data

• Inaccurate or incomplete requirements

• Poor system integration

Relying on poor data quality can lead to compliance issues, uninformed decision-making and financial loss Data protection

• Improper handling of customer data

• Data breaches from third-party vendors 

• Poor data encryption practices

• Unsecured APIs or integration points

Opening the door to privacy and security vulnerabilities that could compromise customer data and lead to reputational damage, ultimately losing trust Data loss

• Cyber attacks

• Inadequate backup and disaster recovery plans 

• Less reliable storage and availability

Experiencing an outage or downtime without access to important data to stay up and running, adding to possible response costs and putting customer relations at risk Data compliance

• Non-compliance with third party data privacy regulations

• Failure to identify and classify important data for disclosure, reporting, audit and retention

Facing regulatory scrutiny on data use and sourcing along with possible fines and disciplinary actions Data exposure

• Trade secrets or intellectual property theft

• Insider threats and employee misconduct

• Shadow IT and unsanctioned data usage

Losing a grip on access rights and controls and putting your competitive advantage at risk No matter the type of data risk, you should have a cohesive strategy so you can be better prepared to inventory the data, assess the risks, apply governance and protection according to the risk levels, and establish appropriate ownership. Enhanced visibility can be the key.

2. Go for overall (not some) visibility into your risks A data risk framework rooted in visibility can allow you to know and establish controls for your data, as well as unlock new doors to slice and dice that data for sharper insights and strategic benefits. Think of it as a digital paper trail that connects the data life cycle.

But visibility can fall apart if you only see certain pieces of the puzzle instead of the whole picture — back to the straw-in-the-sky problem. Historically, IT departments have managed the technical aspects of data, while compliance teams have focused on regulatory requirements. These and other functional areas can have their own objectives or even their own set of tools and controls. Moreover, data logs can be interpreted differently across environments.

This fragmented view could create redundancies, inefficiencies, increase risk exposure and derail transformation. Business leaders should get directly involved and not simply defer to IT and compliance to solve the problem.

3. Rally your teams and help build up their skills As the saying goes in sports, you can either play to win or play not to lose. The same can be said for data risk. There’s a significant difference between keeping things from going wrong and making sure things go right.

An important element of data risk management is not only technology, tools and systems, or even the data itself. It’s also about reinventing how the right people integrate their skills in one place to manage data across the life cycle.

In that sense, privacy, data, security, risk and technology teams across the enterprise should collectively identify, document and measure risks — together, in unison. Moving as one unit, these teams should better understand their environments. With this centralized, holistic approach, your organization can clearly articulate a data risk strategy to stakeholders, regulators and consumers.

This means that you should invest in upskilling and training your teams to meet new data demands. For example, role-specific training for both technical teams (data engineers and analysts) and non-technical stakeholders (compliance officers and executives) can help build foundational knowledge for understanding and acting on insights. Upskilling employees should include providing certifications in data governance, security and privacy, as well as engaging external experts to assess and validate your systems.

4. Start (and keep) asking the right questions Data risk should be everyone’s business. A candid assessment of your data across roles can reveal gaps and help you focus on your efforts. Consider challenging the executives in your C-suite by their specific roles.

CEO: Are different departments in our company keeping their data separate, preventing us from getting a complete picture to extract insights and make data-informed decisions? Are we prepared to manage privacy and exposure risk as we make our data more accessible? CFO: Are we confident that the data we rely on for making financial decisions is both reliable and up to date? What are our methods or tools for measuring its quality? CISO: Do we know where our data exists among on-premises and cloud environments and the exact sensitivities to determine appropriate security controls? Are controls established across our overall data modernization cycle? COO: Can we track, organize and manage our data from the moment we collect it to when we no longer need it? How are we maintaining the quality of our new and legacy data to support transformation efforts? CRO: What are the major risks associated with our data and where are we more vulnerable? Do we have risk and regulatory change management in place to handle new or evolving requirements? CDO: Do we have well-defined policies for managing our data? Is our data complete and accurate enough for gaining business insights? 5. Stop treating data risk as an afterthought Finally, companies embracing a data-first mindset should also change how they view data risk. Leadership should start treating it as a top-line business agenda. Addressing the risk inherent in enterprise data is just as critical as staying on top of data innovation and transformation.

For instance, while the promise of AI and emerging technologies adoption has amplified C-suite awareness of data’s value and has spurred greater investments in data, many departments, companies and even industries are just grappling with the risk side of that equation. Most fundamental data risk capabilities — discovery, cataloging, lineage — are essential for addressing traditional data deletion issues and upcoming challenges with unstructured data use. Organizations may need to double down on these efforts to increase their data and prepare for the future with new data uses.

Changing the view of data risk across the C-suite not only requires a new way of thinking but accountability across departments. Accountability should also stretch to third parties and other strategic relationships. Establishing data risk mitigation, policies and controls — ultimately, one of the leading practices for your organization — are important steps to balance protection with innovation.

More collective awareness, education, collaboration and ownership could help raise data risk to a top-of-mind business priority. This is no longer a back-office issue, but a front and center concern that, when addressed, can help your organization embrace the true value of data.

Contact us

Mir Kashifuddin

Data Risk & Privacy Leader, PwC US

Email

Joshua Rattan

Data Risk & Privacy Partner, PwC US

Email

Brian Fox

Data Risk & Privacy Partner, PwC US

Email Follow us Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us © 2017 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see http://pwc.zhutiblog.com/com/structure for further details.

Privacy Data Privacy Framework Cookie info Legal Terms and conditions Site provider Site map Your Privacy Choices