Along with IBM, which founded the consortium, the Data Governance Council is backed by more than 35 of the company's customers and 17 other technology providers.
Some of the firms involved in the effort are already utilizing top-down data governance and risk management schemes to re-architect their IT and security systems and are seeing immediate benefits in lowering their exposure, Adler said.
Adler conceded that even for those early-adopters, the whole notion of applying risk management to their systems and operations goes slowly, but he said it is work that must be started sooner, rather than later, if organizations hope to see benefits in the coming years.
"A few years ago, the perception was that if you had a security breach, you should fire your chief information security officer, and clearly that was so naive because in the end, that was the one person who had the best understanding of how to protect a company," Adler said.
"Security today is an arms race handled on a weekly or daily basis, and most companies are so challenged by this process that they don't even have the bandwidth to be strategic about risk calculation," he said. "That has to change, and we instead need to hold people accountable who create the vulnerabilities; we will always have risk, but we need to start holding the average employee more accountable, and for those assessing [via risk management and governance techniques], that's already happening."