By Verrion Wright, Director of Content Strategy & Development at BigID. BigID were finalists in the ‘Best Cloud Data Management Solution’ category at The 2024/25 Cloud Awards.

AI (Artificial Intelligence), the modern-day Wizard of Oz, has emerged as a powerful force, seemingly all-knowing and with answers to all our questions.

Yet, as we traverse this technological landscape, we find ourselves on a yellow brick road, grappling with the complex issues of privacy, security, and compliance.

Let’s follow Dorothy’s journey down this yellow brick road and draw parallels between her encounters with the Scarecrow, Tin Man, Lion, and the Wizard and a C-suites (CISO, CPO, CDO, CIO) experiences in meeting the demands of privacy, security, risk, and compliance with AI.

Now, how can this cult classic from the early 1900s possibly relate to our newly found digital world? Well, we live in a world where cybercriminals can be downright “Wicked.” (Pun definitely intended!)

The Scarecrow – The Brains Behind Data Risk & Compliance

In The Wizard of Oz, the Scarecrow is Dorothy’s first travel companion, and he is portrayed as a lovable character who believes he lacks a brain. Throughout his journey with Dorothy and her companions, the Scarecrow proves time and time again that he is full of wisdom, quick thinking, and strategic insight—critical qualities that governance, risk, and compliance (GRC) professionals need to protect an organization. These professionals are the true “brains” behind ensuring that an enterprise remains compliant, secure, and ahead of the curve.

Data risk and compliance professionals often operate behind the scenes—navigating complex regulations, managing risk frameworks, and implementing data protection measures. They might not always be in the spotlight, but they are the thinkers behind every compliant decision and strategic risk mitigation plan, ensuring the company avoids breaches and regulatory fines.

Strategically mitigating and remediating risk is easier said than done, as the average cost of data breaches in 2024, according to the recent IBM breach report, has hit an all-time new high of 4.88M, while 40% of data breaches involved data stored across multiple environments.

Throughout the journey to the Emerald City, the Scarecrow helps guide his friends around dangerous pitfalls. So, just as the Scarecrow assesses the threats in their journey, these professionals assess risks to critical data assets, ensuring that the enterprise complies with evolving regulatory requirements while protecting sensitive information in the cloud or on-prem.

They work tirelessly to ensure compliance, but their contributions are sometimes taken for granted—until a data breach, compliance failure, or massive fine highlights the importance of these unsung heroes.

The Tin Man: Data is the Heart of Privacy

Even though the Tin Man didn’t have a heart, he was an emotionally complex character who embodied many good traits, such as love, bravery, compassion, and kindness, which were showcased throughout the movie. Similar to how the Tin Man was protective of Dorothy, data privacy professionals are truly focused on protecting the people we love, protecting their data (sensitive/personal information), which is at the heart of data privacy regulations.

As new data privacy regulations continue to emerge, consumers have grown more privacy-conscious, and data privacy has become a more essential aspect of their lives and overall experience.

A 2020 KPMG study reveals the importance of data privacy and how consumers would like corporations to take significant steps towards better protection, management, and the correct use of their data. Essentially, consumers are asking corporations to have a heart when it comes to handling their personal data. The study finds that:

• 56% of consumers say companies should prioritize giving them more control over their data
• 87% maintain that data privacy is a human right
• 91% say corporations should take the lead in establishing corporate data responsibility

Consumers now view data privacy as a human right, which aligns with the overarching theme of humanity and the importance of having a heart. Data privacy, like the Tin Man, is a gentle reminder to be compassionate and kind, as he would even shed tears at the thought of harming an innocent person or creature.

Now, the onus is on businesses to establish a privacy-first approach by putting their customers at the forefront and fulfilling customer expectations regarding their data privacy.

The Cowardly Lion: The Courage to Protect the Data

The Cowardly Lion is a character who believes he lacks courage, yet he constantly demonstrates bravery in the face of danger. Just like the lion, the cybersecurity industry often grapples with fear—fear of the unknown, fear of data breaches, and fear of evolving cyber threats. It is quite understandable because data breaches continue to rise, as there were 2,365 cyberattacks in 2023, with 343,338,964 victims. While the total cost of damages incurred by cybercrime is expected to reach $10.5 trillion by 2025, which is larger than 90% of countries GDP.

Just like the Lion, cybersecurity teams may initially feel overwhelmed by the scale of the task at hand—after all, cybercriminals are becoming more sophisticated by the day. But despite this fear, they must dig deep and find the courage to confront these challenges, knowing that the stakes are high: the safety of their organization’s sensitive data and overall security.

The Wicked Witch of the West and her flying monkeys represent a constant looming threat, much like the persistent and ever-present danger of cyberattacks. However, just as the Lion, Dorothy, and their friends find clever ways to outwit the Witch, cybersecurity professionals must overcome the fear of cyber threats by developing strategies, implementing technologies, and adopting a proactive approach. It’s not the absence of fear that leads to success—it’s using that fear as motivation to stay vigilant, stay ahead of attackers, and secure the organization’s most valuable assets.

Just as the Cowardly Lion embarks on a journey to discover his inner bravery, cybersecurity professionals must continuously find the courage to tackle a wide array of complex and evolving threats. The fear of breaches, hacks, and vulnerabilities is real—but it’s the courage to face those fears head-on, to act in moments of uncertainty, and to continuously adapt that makes cybersecurity professionals the true lions of the digital kingdom. They may face doubts, but their daily actions, resilience, and strategic problem-solving prove that they are the brave protectors of today’s organizations—facing the wicked witches of cybercrime with courage, heart, and intellect.

The Wizard of OZ: The Great & Powerful Artificial Intelligence

The Wizard is initially seen as a powerful, almost omniscient figure who can solve the problems of Dorothy and her companions with the wave of his hand. However, as we later find out, the Wizard’s powers are more illusion than reality, and his true strength lies not in magic, but in his ability to provide guidance and tools for self-reliance. Similarly, AI automation in cybersecurity, data privacy, and compliance may at first appear to be an all-powerful solution, but its real value lies in how it enhances human capabilities, provides strategic insights, and helps organizations achieve their goals.

At the start of Dorothy’s journey, the Wizard is believed to have almost god-like powers capable of solving all problems. Likewise, AI automation is often hailed as the answer to many of the modern enterprise’s challenges in cybersecurity, data privacy, and compliance. From advanced threat detection to data risk assessments to automatic compliance reporting, the perception is that AI can do it all—quickly, efficiently, and with minimal human intervention.

However, much like the Wizard, AI automation doesn’t perform magic. It works within the framework of the data, models, and algorithms that humans provide. While AI can process vast amounts of information and identify risks or anomalies faster than any human, it is still fundamentally a tool—a powerful one, but not an all-seeing, all-knowing entity. The illusion of omnipotence fades when we realize that AI automation is most effective when paired with human oversight and strategic direction.

For instance, AI-driven systems may not always understand the full context of a data breach or regulatory change, making human interpretation and decision-making critical. AI can point to potential problems, but organizations still need skilled GRC, cybersecurity professionals, and privacy officers to pull back the curtain, make sense of the data, and take informed actions to address real-world challenges.

According to the 2024 IBM Breach report, organizations that applied AI and automation to security prevention saw the biggest impact in reducing the cost of a breach, saving an average of USD 2.22 million over organizations that didn’t utilize AI technologies.

Just like AI, the Wizard ultimately empowers Dorothy and her friends to solve their own problems by giving them the tools they need to succeed. AI automation, when implemented effectively, plays a similar role in the domains of cybersecurity, data privacy, and compliance. It empowers organizations to work more efficiently, reduce manual errors, and focus on higher-level strategic tasks.

In all these cases, AI is not the hero of the story—it is the enabler, providing the tools and insights necessary for teams to take decisive action.

Just like the Wizard, AI automation helps organizations see the path forward, but it is up to them to walk down that yellow brick road. By combining the capabilities of AI with human insight and strategic planning, organizations can overcome the challenges of today’s digital landscape and emerge victorious, just like Dorothy and her friends on their journey through Oz.