As digital ecosystems grow more complex and interconnected, cybersecurity leaders are being called to do more than just defend. AI governance and oversight have emerged as critical pillars of cybersecurity strategies.
Ever-changing regulatory requirements prompt organizations to align security efforts with broader compliance and accountability demands. The 2025 IBM Cost of a Data Breach Report revealed that 63% of breached organizations lacked AI governance policies. And 97% of AI-related breaches occurred in systems without proper access controls. These gaps are not just technical oversights. They are strategic vulnerabilities.
TD SYNNEX’s fourth annual Direction of Technology report underscores this issue. Governance and data management ranked among the top cybersecurity focus areas for 2026, with 74% of IT partners indicating plans to enhance these capabilities. Effective governance frameworks are essential for complying with evolving regulations. But many security providers don’t know where to start.
Govern: The New Pillar of Cyber Maturity
The original NIST Cybersecurity Framework, introduced in 2014, was built around five core functions: identify, protect, detect, respond, and recover. This was designed to help organizations manage and reduce cybersecurity risk.
The CSF 2.0 release in early 2024 introduced a sixth function: govern. This marked a pivotal shift. It recognized that cybersecurity must be embedded into companywide governance, risk management, and strategic planning.
NIST’s govern function emphasizes:
- Organizational Context: Aligning cybersecurity with mission, stakeholder expectations, and legal obligations
- Risk Management: Defining risk tolerance and assumptions to guide proactive defense
- Cybersecurity Supply Chain Risk Evaluation: Managing third-party risks beyond direct control. Prioritizing governance elevates cybersecurity from a technical framework to an organizational priority.
Coleen Ernst
This shift is timely. The IBM report showed that shadow AI incidents, where AI tools were used without oversight, added an average of $670,000 to breach costs. These incidents also led to widespread data compromise, with 65% involving customer personally identifiable information (PII) and 40% involving intellectual property.
No longer optional, governance is a cost-saving imperative.
CSF 2.0 at Work: Leverage the Cyber Defense Matrix
The Cyber Defense Matrix, a framework created by Sounil Yu, is a powerful way to operationalize CSF 2.0. This matrix maps cybersecurity capabilities across five asset classes: devices, applications, networks, data, and users. It also aligns them with the CSF’s core functions.
With the addition of govern, the Cyber Defense Matrix becomes a strategic tool for:
- Visualizing governance gaps across asset domains.
- Clarifying oversight roles and responsibilities.
- Aligning cybersecurity with business objectives and regulatory expectations.
This alignment is especially critical as AI-driven cyberattacks are more prevalent. IBM’s Cost of a Data Breach Report found that 16% of breaches involved attackers using AI, primarily for phishing (37%) and deepfake impersonation (35%). Without governance, these threats can escalate unchecked.
AI Governance and Oversight: From Awareness to Action
Pairing the Cyber Defense Matrix with CSF 2.0 bridges technical teams and executive leadership. Organizations can now build a strong culture of cybersecurity through:
- Strategic planning that highlights where governance structures are strong or lacking
- Operational alignment that shows how governance influences protection, and detection and response
- Cultural transformation that embeds cybersecurity into decision-making at every level.
Beyond firewalls and incident response, cybersecurity empowers businesses to predict and prepare for threats. This fosters accountability and builds resilience.
Embrace governance as a core function and leverage frameworks like the Cyber Defense Matrix. Using these, leaders can drive meaningful change, transforming cybersecurity from a reactive response to a proactive enabler of trust and growth.
Coleen Ernst is director, business development, high-growth technologies at TD SYNNEX.
Featured image: AI generated by Microsoft Copilot
