There's a great Statista graph that shows the size of the datasphere in zetabytes. We're addicted to collecting and harvesting data, and the hockey stick just continues to get sharper and sharper and sharper. And every piece of data that you collect and keep puts more mathematical burden on the people who are trying to secure it.
And where I think the wheels come off the tracks. You've gone back to a SOC analyst. The most valuable labor hour you have in an enterprise is probably the SOC analyst. So when you ask a SOC analyst, "Which of these two pieces of organizational data are more valuable?", you're wasting the most valuable resource in your company, in your SOC, on a calculation they can't make. The business owner knows which piece of data is more valuable. They're not involved. They're not in the SOC.
This is a great opportunity to invert the pyramid on labor. What if regulated data could only stay inside a working boundary that included SaaS, that included the data center, that included the desktop, but not the hard drive of the user? What if we didn't let data escape that boundary and wander around Starbucks? Would we reduce our labor? And if we didn't care about data transferring inside that boundary, would we ever ask a SOC analyst to make a value judgment about which piece is more important?