Data driven decision making around data security – Is this a myth?