Many companies continue to rely on piecemeal solutions, such as increasing cybersecurity insurance or adding more security tools
A recent report by Google, conducted in collaboration with the Hypothesis Group, reveals a stark warning for organisations: incremental improvements to cybersecurity are no longer sufficient. The study, which surveyed over 2,000 decision-makers from the US, UK, India, and Brazil, underscores the rising risks posed by outdated strategies and the pressing need for transformative change.
Despite high levels of confidence among security leaders—96 per cent of whom believe they can effectively manage their environments—the findings highlight a significant gap between perception and reality. The rise of hybrid work models and the adoption of generative AI have created new vulnerabilities, many of which existing security measures are ill-equipped to handle. Notably, 63 per cent of organisations believe their technology landscape is now less secure than before, pointing to a critical disconnect between current strategies and emerging threats.
Many companies continue to rely on piecemeal solutions, such as increasing cybersecurity insurance or adding more security tools. However, this approach appears ineffective. According to the report, 61 per cent of organisations now deploy more security tools than they did two years ago, yet security incidents remain both frequent and costly. In fact, enterprises using ten or more security tools reported a higher frequency of incidents and greater associated costs than those with a more streamlined security infrastructure.
Andy Wen, Senior Director of Product Management, Security, at Google Workspace, emphasised the limitations of legacy technology and the dangers of relying on a fragmented approach:
> “Our latest research underscores a critical insight: legacy technology is a significant security risk, and simply adding more security tools isn’t the answer. Instead, organisations need to prioritise inherently secure products and a proactive, built-in approach to security. The modern threat landscape, amplified by the rise of generative AI, demands a fundamental shift in how we approach cybersecurity. The future of security lies in solutions that are secure by design, not in security as an afterthought.”
The report highlights mid-market organisations—those with 300 to 999 employees—as particularly vulnerable. These companies, often burdened by legacy technologies and complex environments, report higher levels of anxiety about security risks compared to larger enterprises. Despite these challenges, there is a notable willingness to adapt. According to the study, 82 per cent of mid-market leaders are actively reconsidering their approach to security, with many showing interest in adopting cloud-native and unified security solutions.
The report stresses the urgent need for a shift in mindset. Instead of layering more tools onto existing systems, Chief Information Security Officers (CISOs) should focus on consolidating their security stack and adopting solutions that are secure by design. Generative AI, while viewed as a double-edged sword, could play a pivotal role in enhancing threat detection and response capabilities—if integrated thoughtfully.
In conclusion, the study calls for organisations to move away from reactive, tool-heavy approaches and towards proactive, built-in security solutions. The evolving threat landscape, driven by technological advancements like AI, demands nothing less than a fundamental change in how cybersecurity is approached.
