www.computerweekly.com
Around the world, security leaders say they are struggling to balance the need to appropriately secure their data and the need to maximise efficient use of this data to hit their business objectives, according to a study produced by analysts at Gartner, who found that only 14% of cyber leaders were keeping on top of this.

The analysts' poll of 318 senior security leaders, conducted in the summer of 2024, found 35% were confident they could secure data assets, and 21% were confident they could use data to achieve their business goals. The ability to do both was beyond six in seven.

Nathan Parks, senior specialist for research at Gartner, said this was clearly something that needed to be addressed.

"With only 14% of SRM leaders able to secure their data while supporting business goals, many organisations can face increased vulnerability to cyber threats, regulatory penalties and operational inefficiencies, ultimately risking their competitive edge and stakeholder trust," he said.

In light of its findings, Gartner has developed a five-point checklist for security leaders (security and risk leaders, in its parlance) to better align their business needs to stringent data security requirements, and successfully achieve both effective data protection and business enablement goals:

- CISOs should try to ease governance-related friction for the business by co-creating data security policies and standards with input and feedback from end users across the business;
- They should try to align data-security related governance efforts through partnering better with the business's other internal functions to identify areas of overlap and potential synergy;
- They should clearly identify and delineate any non-negotiable cyber security requirements that the business must absolutely meet when handling previously unknown or unexpected data security risks;
- On generative artificial intelligence (GenAI) and decision-making related to it, they should take care to define appropriate, high-level guardrails that enable stakeholders to experiment within set parameters;
- And finally, they should collaborate with the business's data and analytics teams to secure board-level buy-in on data security levels.

Gartner's final point, on building more effective working relationships with senior leadership whose core work is not invested in cyber security, is a perennial thorn in the side of many security leaders, who frequently lament diverging attitudes.

This was highlighted in a recent study published by Cisco-owned security analytics and observability specialist Splunk, which polled chief information security officers (CISOs) in 10 countries, including the UK and US. Splunk found that CISOs were increasingly participating in boardrooms, but highlighted big gaps between their priorities and other board members.

For example, said Splunk, when it came to innovating with emerging tech, such as GenAI, 52% of CISOs spoke of this as a priority compared to 33% of other board members; on upskilling or reskilling cyber employees, 51% of CISOs thought this was a priority compared with 27% of board members; and on contributing to revenue growth initiatives, 36% of CISOs said they prioritised this, compared with 24% of board members.

Though the full report is more nuanced than these statistics might suggest, the study also showed that only 29% of CISOs thought they were getting the budget they needed to work effectively, while 41% of board members felt security budgets were absolutely fine.