Many organisations have responded by increasing cybersecurity insurance or adding more tools
A recent report by Google, conducted in collaboration with Hypothesis Group, reveals a critical reality for organisations: incremental cybersecurity measures are no longer sufficient. The study, which surveyed over 2,000 decision-makers across the US, UK, India, and Brazil, highlights the growing disconnect between existing security strategies and the evolving threat landscape.
While confidence among security leaders is high—96 per cent believe they can manage their environments—the report points to a significant gap between perception and reality. The shift to hybrid work and the rapid adoption of generative AI have introduced new vulnerabilities that traditional security measures often fail to address. Alarmingly, 63 per cent of organisations feel their technology landscape is less secure than before, underscoring the inadequacy of current approaches.
Many organisations have responded by increasing cybersecurity insurance or adding more tools. However, this approach may be counterproductive. The report shows that 61 per cent of companies now use more security tools than they did two years ago, yet the frequency and cost of incidents remain high. In fact, enterprises using ten or more security tools reported higher incident rates and greater expenses than those with fewer tools. This suggests that a fragmented approach to cybersecurity may be creating more problems than it solves.
Andy Wen, Senior Director of Product Management for Security at Google Workspace, emphasised the need for a shift in strategy. “Our latest research underscores a critical insight: legacy technology is a significant security risk, and simply adding more security tools isn’t the answer. Instead, organisations need to prioritise inherently secure products and a proactive, built-in approach to security,” he said. “The modern threat landscape, amplified by the rise of generative AI, demands a fundamental shift in how we approach cybersecurity. The future of security lies in solutions that are secure by design, not in security as an afterthought.”
The report also highlights the vulnerability of mid-market organisations (those with 300 to 999 employees). These companies, often burdened by outdated technologies and complex IT environments, express greater anxiety about security risks than larger enterprises. However, there is a clear willingness to change. Notably, 82 per cent of mid-market leaders are reconsidering their security strategies, with many exploring cloud-native and unified security solutions as a path forward.
Google’s findings point to an urgent need for chief information security officers (CISOs) to rethink their approach. Instead of layering more tools onto already complex systems, the focus should shift towards consolidating security infrastructure and adopting solutions that are secure by design.
The report also acknowledges the dual role of generative AI, which presents both risks and opportunities. While it introduces new vulnerabilities, it can also enhance threat detection and response capabilities when integrated thoughtfully.
As cyber threats continue to evolve, the report sends a clear message: the old ways of addressing security challenges are no longer adequate. Organisations must embrace a more holistic, proactive approach to safeguarding their digital environments if they are to keep pace with an increasingly complex threat landscape.
