The Signal

Data protection just overtook identity as the second most active buying signal across the DoGood network.

In the last 14 days, the network logged 46 new priority submissions from enterprise IT leaders. Of those, the largest emerging cluster centers on DLP, DSPM, and data classification. Two months ago, identity (IAM, PAM, zero trust) held the #2 spot behind AI governance. It no longer does.

The pattern is consistent: organizations moving to multi-cloud are discovering they cannot answer a basic question. Where does our regulated data live? These are not survey responses about concern. They are active evaluations with budgets forming behind them. Security leaders at Fortune 500 financial firms, top-10 banks, and major healthcare systems are all launching data security projects in the same 30-day window.

From the Network

"We are migrating from on-prem to multi-cloud and lack visibility across our cloud, SaaS and AI workloads. I am looking for a DSPM vendor to do proactive discovery and classification of regulated and enterprise critical data."

— Information Security Leader, Financial Services

"I am looking at a data security project. I'm looking for a solution to improve visibility into SaaS and AI workloads in a healthcare environment."

— Director of IT, Healthcare

"I am working on a DLP initiative to improve network visibility."

— Product Security Head, Banking

Three industries. Three separate evaluations. The same gap: visibility into where sensitive data lives and how it moves.

The Context

On March 24, hackers breached the European Commission's AWS cloud infrastructure, stealing over 350GB of data from the Europa.eu web platform. AWS confirmed the compromise resulted from stolen account credentials, not a platform vulnerability. The Commission's internal systems were not affected, but the breach exposed data across multiple EU entities. The ShinyHunters extortion gang claimed responsibility.

This is a case study in the exact gap the network is flagging. The Commission's web infrastructure sat in cloud accounts with data that was never fully classified or monitored. Credential compromise gave attackers access to data stores that should have been segmented, classified, and restricted. The tools to prevent this exist. They were not deployed.

Bottom Line: When a 350GB exfiltration from a major government's cloud infrastructure goes undetected until the attacker announces it, the data visibility gap is not theoretical. It is operational.

What to Do About It

Audit where your regulated data lives across cloud, SaaS, and AI workloads this quarter. If answering that question requires asking three different teams, you have the same gap the network is actively closing. Start with a data discovery exercise before evaluating DSPM tooling.

Every data point in this brief was sourced from the DoGood network. Add your voice. Join 5,000+ IT leaders

The CXO Brief is powered by the DoGood network — 5,000+ IT leaders sharing what they're actually working on.

Know a CIO who needs this? Forward it — they can subscribe here.

Keep Reading

© 2026 The CXO Brief.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv