Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
CSAIChaptersEventsBlog
On April 2, CSA will offer 50% off online training and certificate exams. Get ready for CSA Day →

CSA Official Press Release

Published 03/31/2026

Home
Press Releases
Unstructured Data Surges as Enterprises Struggle to Maintain Visibility and Security, Cloud Security Alliance Study Finds

Unstructured Data Surges as Enterprises Struggle to Maintain Visibility and Security, Cloud Security Alliance Study Finds

Despite growing awareness of unstructured data risks, many organizations lag in scalable security as cloud, AI, and automation deployments accelerate

SEATTLE – March 31, 2026 – The Rise in Unstructured Data and AI Security Risks, a new survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, has revealed that traditional security and governance practices are straining to keep pace with the rampant growth of unstructured data. The survey, commissioned by Thales, the leading global technology and security provider, found that while three-quarters of organizations are confident in their ability to secure unstructured data, more than two-thirds (68%) report that less than 80% of their unstructured data is protected—a security gap exacerbated by limited visibility and distributed environments. 

Unstructured data is a prime target for breaches and cyberattacks because it often contains sensitive information yet remains difficult to track, govern, and secure at scale. The survey highlights strong concern among executives and IT professionals about gaining visibility into this unstructured (and potentially sensitive) data—often buried in documents, emails, chats, images, and other free-form files—where critical assets such as personally identifiable information (PII), financial records, intellectual property, and legal documents are housed. Scattered, inconsistently labeled, and difficult to monitor, unstructured data presents a high-value opportunity for attackers seeking credentials, confidential business plans, trade secrets, payment data, and other exploitable assets.

“The explosive growth of unstructured data—estimated by Gartner to account for between 70% and 90% of enterprise data—has become a defining characteristic of modern organizations. While it enables significant operational value, it also introduces substantial security risk. What is clear from this study is that as unstructured data continues to expand and spread across environments, many organizations are struggling to keep pace with the visibility, governance, and protections needed to manage it securely,” said Hillary Baron, AVP of Research, Cloud Security Alliance.

Among the survey’s key findings:

  • Unstructured data is fueling enterprise data growth. Organizations reported that unstructured data accounted for approximately 33% of enterprise data, with semi-structured data making up an additional 21%. Additionally, nearly a third (29%) stated that unstructured data accounted for more than half of their annual data growth. 
  • Persistent gaps in visibility, classification, and sensitive data awareness undermine unstructured data security. More than half (56%) of those surveyed indicated they have only partial visibility into where their data is stored. Despite listing security (74%), governance (57%), privacy (54%), and compliance (50%) as top concerns, companies are struggling to execute foundational controls such as sensitive data protection, access monitoring, and classification scanning.
  • Organizations are overestimating their ability to secure unstructured data. Seventy-five percent of organizations expressed confidence in their ability to secure unstructured data, even as 68% reported that a significant portion of their unstructured data remains unprotected. Still another 10% are unsure of their actual coverage. 
  • Fragmented tools, manual processes, and shared ownership limit scalability. Nearly one-third (32%) of organizations use 11 or more tools to manage their unstructured data, and of those, 12% rely on at least 21 tools. This tool sprawl also extends to the types of tools in use: data encryption (62%), cloud security (60%), application security (59%), and identity and access management (56%) are among the most popular.
  • Artificial intelligence amplifies existing security blind spots. Organizations view AI as both a top future threat (47%) and a core security capability (40%) for unstructured data. While many said they plan to rely on AI for detection, classification, and automation, foundational gaps remain. Only 9% of organizations reported having real-time scanning capabilities, and 23% can’t scan at all, raising concerns that AI may amplify existing blind spots rather than improving security outcomes.

”As the CSA research highlights, today's organizations are generating and sharing unstructured data at a pace that traditional tools and governance models were never designed to handle. This puts them at a critical point of failure, where inconsistent and manual approaches can no longer keep up with the volume, velocity, and distribution of data across cloud, collaboration platforms, and AI-driven environments. Without addressing these gaps, AI, automation, and emerging technologies like post-quantum cryptography will only increase exposure. Establishing a unified, scalable approach to securing unstructured data is now an operational imperative,” said Todd Moore, Vice President, Thales Data Security. 

The survey and report were commissioned to better understand the industry’s knowledge, attitudes, and opinions regarding unstructured data, its security and challenges. Thales financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in November 2025 and received 210 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

Download The Rise in Unstructured Data and AI Security Risks.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.

 

Media Contact
Kristina Rundquist
ZAG Communications for the CSA
[email protected]

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.