Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds

The Forrester snapshot, conducted in February 2026 with 211 North American IT and analytics directors, paints a stark picture of today’s security landscape. While 72 % of respondents say data security is more critical than ever, 70 % still rely on traditional network defenses such as SASE, firewalls and IDS/IPS, and 60 % depend on legacy vulnerability tools. These siloed solutions leave more than half of organizations without full visibility into their attack surface, a gap that erodes both risk posture and competitive agility in an increasingly data‑driven market.

That blind spot becomes especially perilous as enterprises accelerate AI initiatives. Autonomous agents can bypass human controls, magnifying the danger of unintended data exposure if security cannot keep pace. The report underscores that AI adoption is effectively impossible without security that is fast, flexible, and AI‑ready. Tokenization, which can both reduce exposure and unlock data value, remains underutilized—only about one‑third of decision‑makers have deployed it—representing a clear opportunity to enhance privacy while driving data‑centric ROI. Adopting tokenization also simplifies compliance with emerging data‑privacy regulations.

For CIOs and security chiefs, the path forward involves moving beyond static, perimeter‑based defenses toward integrated, cloud‑native platforms that provide real‑time visibility and automated response. Priorities identified for the next year—protecting enterprise data at scale, improving overall posture, and boosting operational efficiency—align with emerging solutions that combine identity, access, and data protection in a single fabric. Vendors that can deliver tokenization, AI‑aware threat detection, and seamless scalability are likely to capture market share as organizations scramble to modernize their security stack and sustain AI‑driven growth.