Data breaches become more likely when attackers capture abandoned files, including personal information, financial records, or confidential business data, Vibert says. “These forgotten or unmanaged pieces of data often lack strong protection, making them attractive targets.” Furthermore, stale data can equip cybercriminals with valuable historical information, enabling them to craft more convincing phishing emails or social engineering attacks, thereby increasing the likelihood of successful breaches.

8. Not building a bridge to the business

Ineffective communication with nontechnical stakeholders can lead to misunderstandings and confusion, sowing distrust, lack of support for security initiatives, and growing challenges when seeking security budget approvals, says Jeff Orr, director of research, digital technology with global technology research and advisory firm ISG’s Ventana Research.

Orr advises using business terminology to convey critical security issues and their impact on business objectives. “Offer examples to help relate security concepts to business activities,” he says, advising CSOs to also bring clarity to security reports. “Review how security decisions can be related to business impact.”