Every company needs to develop a data-driven security defense to align mitigations with the most relevant threats a company faces. The idea is to prioritize your own local threat experiences over outside data sets, focusing on root-cause analysis. By averting our eyes from the relevant data, we often implement mitigation that are not only useless, but hurtful. The average company has very little relevant computer security data about their own data about its own threats, says John Defterios. He predicts that within 10 years, nearly every decision will have to be backed by data.”]
Source: https://www.csoonline.com/article/3171128/build-your-security-defense-on-data-not-guesswork.html