Legacy Security Tools Fall Short on Data Protection

Traditional security frameworks are actively undermining organizations’ ability to protect sensitive information, even as a vast majority of IT leaders acknowledge that data security has never been more urgent. A new study commissioned by Capital One Software and conducted by Forrester reveals that 72 percent of security professionals agree on the heightened importance of data protection, yet investments in conventional network and perimeter security tools are actually hindering adequate safeguards.

The research argues that without a fundamental shift in how data is protected, AI adoption becomes “impossible.” As AI agents operate autonomously and often bypass human oversight, the potential for accidental data exposure grows significantly.

A major obstacle identified is the reliance on legacy siloed solutions. More than half of survey respondents admitted they lack full visibility into their vulnerabilities. Nearly half also conceded that their organizations cannot compete effectively under current data security processes.

When the study was conducted in February 2026, organizations were deploying multiple tools to meet their data security objectives. These include network security technologies such as SASE, firewalls, VPNs, and IDS/IPS systems, used by 70 percent of respondents; identity and access management (IAM) systems, employed by 65 percent; and vulnerability management tools, utilized by 60 percent.

“While many organizations believe their current tools adequately protect their data, legacy solutions lack the speed, flexibility, scalability and AI readiness required today,” the study, titled A 2026 Snapshot on the State of Data Security, stated.

Capital One Software emphasized in a statement that modern data security must evolve beyond static, perimeter-based approaches to address the constant movement of data across cloud and AI environments. Organizations need integrated strategies that both protect data across all environments and enable it to drive business value, including flexibility, sovereignty, and support for emerging AI use cases.

The firm argued that creating value with data should be the primary motivator for protecting it, and tokenization can play a key role. Two-thirds of decision-makers currently do not use tokenization solutions, highlighting a significant opportunity. Tokenization reduces risk and expands data use, allowing organizations to maximize their data return on investment (ROI).

According to the study, IT leaders outlined their security priorities for the next 12 months. These include protecting enterprise data at scale (66 percent), improving overall security posture related to external threats (64 percent), taking a more proactive approach to security (63 percent), investing in or updating technology to support better operational efficiency and customer experience (62 percent), and improving overall security posture (58 percent).

The research surveyed 211 North American director-level and above decision-makers in IT, data, and analytics who are responsible for their organization’s security and risk technology strategy. Capital One Software is an enterprise B2B software firm focused on providing cloud and data management solutions for companies operating in the cloud.