The year 2025 was a year many would most likely wish to forget, particularly if they suffered a major cyber security incident, says Michelle Laverick, CTO of software firm Droplet.
The incidents that struck well-known brands did not happen because they were impossible to foresee; on the contrary, they were predictable. With the financial impact of these events running into the millions – and that doesn’t take into account the longer term reputational damage – it appears that many are seeing significant cyber attacks as par for the course for operating a business nowadays. How sad if that is the case.
There is no doubt that businesses are operating in a challenging economic and political environment of increasing uncertainty. But equally, we must also consider that the greatest tech investment an organisation could make this year won’t be seen in the revenue column, but in the headlines that never ran. It is this invisible ROI (return on investment) that the C-Suite is desperate to see: as the attack surface shrinks, so does the level of risk. It also finally achieves the ‘boring’ security posture that they have not only been craving, but have been promised the whole time.
But is this just another fever dream?
Removing the oxygen from the fire
Traditional IT security has been built on the concept of cat and mouse, whereby organisations find a fire and then put it out. In recent years, this firefighting has seen identity at the centre of a threat, and credential theft is now the primary cause of breaches that occur.
But we are seeing a shift take place; one where isolation changes the game as organisations are tired of focusing solely on detection and want to move towards physics. Why? If a threat has no environment to act in, it cannot exist. As a result, by removing the oxygen from the space, the match can never ignite in the first place. But moving away from a ‘fail safe’ mentality to a ‘safe to fail’ one can be a tricky hurdle to overcome.
Why vendor sprawl has failed us
The volume of security tools that the average enterprise has deployed internally is staggering. Market estimates vary, but figures I have seen assume that on average they have between 60 and 75 security tools installed – but in some cases, this can be as many as 140 tools. While one would think that this would leave no opportunity for a breach to occur, it actually creates alert fatigue, visibility gaps and integration debt.
From a CTO perspective, this means that not only are we spending more than ever, but the attack surface is growing rather than shrinking, even as we believe we are better protected. More tools are more likely to bring more misconfigurations.
With IT complexity increasing in recent years, it is vital that IT managers and the C-Suite alike look to simplify their vendor landscapes. By consolidating solutions through a container-first approach, teams could not only lower their Total Cost of Ownership (TCO) but also streamline any software bloat that exists.
From defensive to offensive
Making this move toward smarter IT investments can involve a mindset shift. When it comes to security, we have seen many extol the virtues of zero-trust. However, in equal measure, we have seen time and again how, when used in isolation, it is insufficient and breaches continue to occur.
Shifting to an attitude whereby nothing is trusted means that every action, decision and entry attempt is questioned. By taking this offensive approach, organisations can be reassured that their environments will mitigate threats, leading to a much more mundane day-to-day.
To take this offensive approach, it is important for organisations to take the following steps:
- Audit the potential ‘blast radius’: Identify where there is increased risk from human error or weak entry points from an identity perspective.
- Air-gap the workspace: Move any high risk activities into isolated containers.
- Benchmark resilience: Instead of measuring success by the volume of threats identified, measure the hours of work that have gone uninterrupted by attacks.
The financial case
For too long, organisations have only considered the impact of something by what they can see. Certainly, when it comes to cyber incidents, while traditional detection systems allow an average dwell time (i.e., the time an attacker sits in a network) of 11 days, isolation reduces this considerably by ensuring malicious code never touches the endpoint.
As such, we need to consider the intangible when looking at ROI in 2026. That’s because brand immunity is priceless and an isolated non-event becomes a greater competitive advantage. This surely makes isolation technology a no-brainer for the C-Suite, and actually the most profitable technology that can be invested in this year is the one that makes your company too expensive to attack.
Let this year be the year we stop chasing fires and start building a house that simply cannot burn. Invisible ROI isn’t about what you see on your dashboard; it’s about the peace of mind you feel when you realise that your organisation has finally become un-shockable. We all deserve a bit of that this year.