You Can’t Protect What You Can’t See: Why Data Governance Is the Foundation for AI Security in Financial Services

$5.56 million.

That’s the average cost of a single data breach in financial services — 25% higher than the $4.44 million global average, according to the IBM/Ponemon Institute Cost of a Data Breach Report 2025. Financial services ranks as the second most expensive industry for breaches, trailing only healthcare.

But the statistic that should truly concern security leaders: only 21% of financial services data is formally classified (Blancco Technology Group, 2025). Nearly 4 out of every 5 data assets in your institution exist without a sensitivity label, without access governance, and without a clear picture of where they live or who can reach them.

As organisations rush to adopt AI, this classification gap takes on an entirely new dimension. You can’t govern AI if you haven’t governed the data that feeds it. Data governance isn’t just a compliance exercise — it is the foundational security control upon which every AI governance initiative must be built.

Credit unions and financial institutions face an unrelenting barrage of cyberattacks. The NCUA reported 1,072 cyber incidents in a single 12-month period (September 2023–August 2024). Approximately 70% of these incidents originated from third-party vendors — organisations whose data governance practices your institution cannot directly control.

The regulatory landscape amplifies this urgency. Financial services regulatory fines surged 417% in H1 2025, reaching $1.23 billion globally (Fenergo, 2025). Full-year penalties for AML, KYC, sanctions, and customer due diligence violations totalled $3.8 billion. Regulators are sending a clear signal: institutions that cannot demonstrate governance over their data will pay.

The common thread: institutions did not have visibility into where sensitive data lived, how it moved, or who had access. Without data governance as the foundation, every downstream security control — including AI governance — operates in the dark.

Most security investments focus on perimeter defence — firewalls, intrusion detection, endpoint protection. These are necessary but insufficient. Today’s breaches increasingly exploit what lies inside the perimeter. And with AI adoption accelerating, the attack surface is expanding in ways that traditional security cannot address:

• Unclassified sensitive data in shared drives, legacy systems, and cloud repositories — invisible to access policies and AI governance tools alike.
• Over-provisioned access where employees have visibility into data they don’t need, violating least-privilege principles that AI systems then inherit.
• Shadow data repositories that security teams don’t know exist — forgotten databases, test environments with production data, archived file shares.
• Third-party data flows moving sensitive information to vendors and cloud providers without classification or governance frameworks.
• AI models consuming unclassified datasets, creating entirely new attack surfaces. If you haven’t classified the data, you cannot control what AI does with it.

This is the critical insight: AI governance without data governance is an illusion. You cannot build acceptable-use policies for AI tools if you don’t know which data is sensitive. You cannot prevent employees from feeding confidential records into ChatGPT if those records were never classified as confidential in the first place. Data governance is not a parallel initiative to AI security — it is the prerequisite.

The IBM 2025 report makes this connection explicit. 13% of organisations reported breaches tied directly to AI models or applications. Of those breached, a staggering 97% lacked proper AI access controls. The root cause in nearly every case? The data entering those AI systems was never classified or governed to begin with.

In financial services, the gap between awareness and action is stark. Kiteworks’ analysis found financial firms show the highest concern about data leaks (29%) but the lowest implementation of technical controls (just 16%). Despite handling account numbers, transactions, and financial records daily, speed and convenience consistently win over governance.

The flip side is equally compelling: institutions using AI and automation extensively in their security operations saved an average of $1.9 million per breach and reduced their breach lifecycle by 80 days (IBM, 2025). AI is both the threat and the solution — the difference is whether it operates on a governed data foundation.

The NCUA’s 2025 Annual Report revealed that approximately 73% of reported cyber incidents in the initial 8-month reporting period were related to third-party vendors. As NCUA Chairman Todd M. Harper stated, “approximately 90% of the industry’s assets are managed by third-party service providers with no NCUA oversight.”

The Marquis Software breach is the defining case: a single vendor compromise cascaded to 74+ banks and credit unions. Blaze Credit Union in Minnesota alone had to notify 235,000 members that their data was exposed through no fault of their own systems. Without classification of what data flows to third parties and continuous monitoring of how they handle it, you are accepting risk you cannot measure.

The institutions that avoid breach headlines don’t treat data governance and AI governance as separate initiatives. They recognise that data governance is the foundation upon which AI governance is built. Here is the framework that works:

1. Classification-First Security

Before any access is granted — to a human or an AI system — every data asset is tagged by sensitivity level. This continuous process powers both traditional access controls and AI governance policies simultaneously:

• Automated data discovery across cloud, on-premises, SaaS, and vendor systems
• Sensitivity tagging at ingestion: every new data asset classified before it enters production or AI workflows
• Dynamic classification that evolves as data moves, transforms, and is shared
• Classification directly drives access management — for both human users and AI tools

2. AI-Specific Data Governance Controls

The IBM report found that 63% of breached organisations lack any AI governance policy. Among those with policies, only 34% perform regular audits. A practical framework for financial services:

• AI tool registry: Maintain a catalogue of approved AI tools. Any tool handling financial or personal data must pass security review before deployment.
• Data classification gates for AI: Sensitive data — PII, financial records, health information — must be flagged and blocked from entering unapproved AI systems. This is only possible when the data is already classified.
• Technical access controls: Prevent sensitive data from being uploaded to unauthorised AI tools. The 97% figure for lacking AI access controls among breached organisations highlights this as the single largest gap.
• Audit trails: Every AI interaction involving institutional data should be logged for compliance and forensic investigation.
• Employee education: A 2025 survey found 60% of workers used AI tools at work, but only 18.5% were aware of any official policy. Closing this gap is foundational.

3. Continuous Governance Across the Vendor Chain

With 70–73% of incidents originating from third parties, periodic vendor assessments are inadequate. Leading institutions implement:

• Real-time monitoring of third-party data handling practices — not annual questionnaires
• Data lineage tracking from ingestion to reporting, across every handoff point
• Contractual requirements for classification standards aligned to your governance framework
• Automated alerts when vendor data practices deviate from agreed baselines

A comprehensive data governance and classification programme — including AI-specific controls — represents a fraction of the $5.56 million average breach cost. For institutions managing thousands of member records, the question isn’t whether you can afford governance — it’s whether you can afford to go without it.

Phase 1: Visibility (Days 1–30)

• Conduct a comprehensive data flow audit: map every touchpoint where personal and financial data is collected, stored, processed, and shared
• Identify shadow data repositories — databases, file shares, and cloud buckets absent from your official inventory
• Inventory all AI tools in use across the organisation, including unauthorised shadow AI
• Assess consent architecture: can you demonstrate explicit, informed consent for every data processing activity?

Phase 2: Classification & AI Controls (Days 31–60)

• Deploy automated data classification tools across your highest-risk environments first
• Establish classification taxonomy aligned with regulatory requirements (GLBA, PCI-DSS, state privacy laws)
• Tag and label all data flowing to third-party vendors
• Implement AI-specific classification gates: block sensitive data from entering unapproved AI workflows
• Deploy technical controls preventing uploads to unauthorised AI tools

Phase 3: Governance & Monitoring (Days 61–90)

• Align access controls to classification: enforce least-privilege for both human users and AI systems
• Establish continuous monitoring for data movement and access anomalies
• Build vendor governance framework with classification requirements in contracts
• Formalise AI governance policy: approved tools, prohibited data types, audit procedures, and employee training
• Report to the board: present a quantified risk picture using the data you’ve now mapped

In 2026, the conversation about AI governance is everywhere. But most organisations are starting in the wrong place. They’re writing AI policies without knowing what data those policies need to protect. They’re deploying AI tools without classifying the data those tools will consume.

Data governance is not a parallel initiative to AI security. It is the prerequisite. With 79% of financial data unclassified, shadow AI proliferating unchecked, and third-party vendors accounting for seven out of ten incidents, the attack surface isn’t shrinking. Every day without comprehensive data governance is another day your AI governance policy is built on sand.

The institutions that will thrive are those that recognise what the data has been telling us all along: govern the data first, and AI governance follows. Skip this step, and no amount of AI policy will protect you.