Sep 30, 2024 in Security

Veil of Security: The Corporation

Why do vehicles have brakes? Many would say it's so that you don't slam into a tree or run over the squirrel scampering across the road. However, I would argue that we have brakes so we can go faster. If we were only going at speeds of 5 mph, we could stop like Fred Flintstone, but that's not what we want. We want to be going Mach 2 with our hair on fire. Security functions as the brakes of the organization, enabling it to move quickly while maintaining control and safety, thereby allowing businesses to accelerate growth and increase their top line.

Unfortunately, many organizations still view security as a necessary evil, treating it as a pure expense rather than recognizing its critical role in sustainable growth. In my ten years of experience in security and risk management, I’ve seen it all—from hyper-aggressive CEOs financially punishing staff for failing phishing tests, to IT 'specialists' neglecting basic password policies while granting users Domain Administrator privileges. Rarely did I encounter executive teams with well-thought-out and balanced approaches to security and digital risk management. Though there are plenty of exceptions, an overwhelming number of organizations fall into three categories: those that are heavily regulated and simply want to check the box, those that have experienced a significant breach and overcompensate, and those that still see security as a burden. Far too few view security as a strategic investment that empowers businesses to innovate, scale, and confidently protect their valuable assets.

IBM - Average Cost of Data Breach - 2024

In 2024, the global average cost of a data breach is $4.88 million, and as shown in the chart above, all industries face significant financial impacts from breaches. [1] These costs aren't limited to immediate financial loss; they include long-term damage to reputation, customer trust, and even regulatory fines. Now, there are some incredible minds in the security field, and there are departments run with precision, innovation, and forward-thinking strategies. However, for the organizations lagging behind, is the solution stronger enforcement on employees, acquiring flashy new A.I. security tools, or outsourcing the responsibility to security firms? No. High levels of employee stress have been shown to lead to more non-compliance [2], the wrong tools can either require a PhD to operate or create significant operating costs, and as we saw yet again this year, even security-focused companies like LastPass can fall victim to breaches. [3]

How, then, can this mirage be replaced with a strong, well-oiled set of brakes? As epic as it might be to take over the CEO's laptop and display a video of Wayne Knight wagging his finger, the real solution lies not only in leveraging simple, fundamental security controls but, more importantly, in regularly conducting simulated breach exercises. Verizon’s most recent Data Breach Investigations Report indicated that 68% of breaches involved a human element. [4] This is a staggering figure, especially given the major emphasis that continues to be placed on implementing technological controls and tools.

While well-designed, secure system controls are essential, the data clearly shows that organizations continue to struggle with the human factor. The primary focus should be on equipping employees with the skills to recognize threats, respond effectively, and make security-conscious decisions in real-time. By integrating not only hands-on training but also regular breach simulations, organizations can foster a culture where security becomes second nature to all staff, not just the IT department. This cultural shift transforms security into a strategic advantage—one that drives innovation and growth while safeguarding businesses from costly breaches. Ultimately, it’s this human-centered approach, driven both from the top down and the bottom up, that will determine whether security becomes a true enabler of success or remains an overlooked risk.

Tips for an Effective Exercise:

  • Make it an all-hands event
  • Run one at least semi-annually; practice makes perfect
  • Predefine critical risk areas
  • Bring a list of key systems, processes, and data
  • Leverage upcoming business initiatives, releases, etc. into the scenario
  • Incorporate time-sensitive objectives
  • Debrief and send out a post-exercise questionnaire

[This article is part of the 'Veil of Security' four-part series]
  • Veil of Security: The Individual - 8/26/24
  • Veil of Security: The Corporation - 9/30/24
  • Veil of Security: The Audit Firm - Dec. 2024
  • Veil of Security: The Coming Attraction - Jan. 2025