Navigating the threat landscape in 2018 is complicated, not only by the ever-changing tactics of attackers, but also by the looming enactment of the European Union’s General Data Protection Regulation. As security practitioners attempt to steer clear of such complications, they will have to find ways to interact effectively with executives and boards of directors who are increasingly taking a more proactive role in understanding the risks associated with their organizations’ digital assets. The effort to better manage those data risks requires greater coordination across organizational boundaries, an examination of what constitutes the company’s crown jewels, where they exist, and how they are handled across the organization. With those insights, security practitioners can more effectively prioritize their protections (and budgets) instead of trying to boil the ocean and protect everything.