Globally, there are numerous laws, regulations and other legal requirements for your organisation to protect the security and privacy of digital and other information assets, in line with the regulations that apply to your specific industry. Your organisation is always Responsible and Accountable for your customers' data safety. Across multiple territories and geographic locations, privacy laws and regulations require the implementation of measures to adequately protect Personal and Personally Identifiable Information (PII).
This includes protection from unauthorised access, modification, loss, amendment or alteration. Failure to protect PII can potentially result in legal challenges, fines and imposed actions (including restrictions around the processing and collection of personal information). These consequences can be coupled with other non-legal impacts such as reputational damage, loss of consumer and customer confidence, and competitive disadvantage.
Cyber Security Governance is the comprehensive establishment of Decisions, Policies, Standards, Guidelines, Baselines and Procedures that frame a Solid and Enhanced Security construct.
If your organisation is concerned with security, there are frameworks which you can use, e.g. GDPR for data privacy, PCI DSS for credit card payments, HIPAA for health records, GLBA for financial records, GAAP for accounting, SOX for shareholders, etc.