The Dread of Cybersecurity

Image generated with AI (Leonardo.ai)

Risto
#cybersecurity #infosec #AI #securityoperations #threatintelligence #securitytheater

There’s an emotion in cybersecurity that disguises itself as responsibility: fear. Not the healthy, action-driving kind — but a paralysing, judgment-clouding, resource-draining dread.

The threats are real — and there are more of them every day

Ransomware, phishing, supply chain attacks, zero-day vulnerabilities — the list grows every year. The technology lifecycle makes things harder: devices age out, vendors drop support, protocols get replaced. Change is the only constant.

Now there’s a new layer that’s shifting the game entirely: artificial intelligence. AI has handed attackers a qualitative leap in capability. Phishing emails are grammatically flawless and contextually convincing. Malware is generated and customised faster than ever. Social engineering attacks scale in ways they simply couldn’t before. Deepfake-based fraud is making its way into business environments. And the attack surface itself is expanding, because AI tools bring new systems, integrations, and data flows into organisations — all of which need to be secured.

Then there are the regulations — NIS2, DORA, GDPR — each arriving with its own wave of pressure, triggering a reflex reaction in some organisations: buy something, deploy something, show that you’re on top of it.

This is exactly where rational caution tips over into dread.

The systems watching you — from the inside

Here’s the paradox: cybersecurity itself brings a whole ecosystem of monitoring systems into your organisation. EDR/XDR (endpoint detection and response) tracks what’s happening on your machines and servers. SIEM (security information and event management) collects logs from everywhere. SOAR (security orchestration, automation and response) triggers workflows when threats are detected. NDR (network detection and response) watches packets in real time. DLP (data loss prevention) tracks where data is going.

All of this needs to be managed by a SOC — a security operations centre that monitors, detects, and responds to incidents. And then there’s the often-overlooked other half: the NOC — the network operations centre, responsible for the reliability and availability of your infrastructure. Both matter. Both require skilled people.

Each of these tools is useful on its own. Together, they form an infrastructure that generates an enormous volume of alerts — most of which are noise. The SOC’s job is essentially to sift through that noise to find the one real threat. Hour after hour, day after day, year after year. 24/7.
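The "sift through the noise" problem described above is usually attacked with deduplication and cross-tool correlation: one low-severity alert from one sensor is rarely worth a human's time, but three different sensors flagging the same host inside a few minutes almost always is. The following is an added illustration, not code from the original post or from any of the products named in it. The alert records, the tool names (`edr`, `siem`, `ndr`), the severity weights, the five-minute window and the escalation threshold are all constructed for the example.

```python
"""Toy alert triage: deduplicate, cluster per host, score by corroboration.

Added example. Every record, tool name and threshold below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: what a few minutes of a multi-tool stack might emit.
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T09:00:05", "source": "edr",  "host": "ws-017", "sev": "low",    "rule": "unsigned_binary_executed"},
    {"ts": "2024-05-01T09:00:40", "source": "siem", "host": "ws-017", "sev": "medium", "rule": "new_service_installed"},
    {"ts": "2024-05-01T09:01:10", "source": "ndr",  "host": "ws-017", "sev": "medium", "rule": "beacon_to_rare_domain"},
    {"ts": "2024-05-01T09:03:00", "source": "siem", "host": "ws-042", "sev": "low",    "rule": "failed_logon"},
    {"ts": "2024-05-01T09:03:02", "source": "siem", "host": "ws-042", "sev": "low",    "rule": "failed_logon"},
    {"ts": "2024-05-01T09:03:04", "source": "siem", "host": "ws-042", "sev": "low",    "rule": "failed_logon"},
    {"ts": "2024-05-01T09:03:06", "source": "siem", "host": "ws-042", "sev": "low",    "rule": "failed_logon"},
    {"ts": "2024-05-01T09:04:00", "source": "edr",  "host": "ws-099", "sev": "medium", "rule": "unsigned_binary_executed"},
    {"ts": "2024-05-01T09:20:00", "source": "siem", "host": "ws-017", "sev": "low",    "rule": "failed_logon"},
]

# Assumed scoring parameters (constructed, not from any real product).
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6}
WINDOW = timedelta(minutes=5)   # alerts on one host closer than this are one incident
ESCALATE_AT = 8                 # scores at or above this go to an analyst


def parse_ts(value):
    """ISO-8601 timestamp string -> datetime."""
    return datetime.fromisoformat(value)


def dedupe(alerts):
    """Collapse repeats of the same (host, source, rule) that fall inside WINDOW.

    This is the cheapest noise reduction there is: a brute-force logon attempt
    that fires the same SIEM rule 200 times is one event, not 200.
    """
    last_seen = {}
    kept = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        key = (alert["host"], alert["source"], alert["rule"])
        ts = parse_ts(alert["ts"])
        previous = last_seen.get(key)
        if previous is not None and ts - previous < WINDOW:
            continue
        last_seen[key] = ts
        kept.append(alert)
    return kept


def score_cluster(host, cluster):
    """Score one host's alert cluster; independent sources agreeing multiply the score."""
    base = sum(SEVERITY_WEIGHT[a["sev"]] for a in cluster)
    sources = {a["source"] for a in cluster}
    score = base * len(sources)  # toy model: corroboration is the strongest signal
    return {
        "host": host,
        "score": score,
        "sources": sorted(sources),
        "rules": [a["rule"] for a in cluster],
        "escalate": score >= ESCALATE_AT,
    }


def correlate(alerts):
    """Deduplicate, then group alerts per host into WINDOW-sized clusters and score them."""
    by_host = defaultdict(list)
    for alert in dedupe(alerts):
        by_host[alert["host"]].append(alert)

    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        cluster = []
        for alert in items:
            # Start a new cluster once we drift more than WINDOW past its first alert.
            if cluster and parse_ts(alert["ts"]) - parse_ts(cluster[0]["ts"]) > WINDOW:
                incidents.append(score_cluster(host, cluster))
                cluster = []
            cluster.append(alert)
        if cluster:
            incidents.append(score_cluster(host, cluster))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for incident in correlate(SAMPLE_ALERTS):
        flag = "ESCALATE" if incident["escalate"] else "noise   "
        print(f"{flag} {incident['host']:7} score={incident['score']:3} "
              f"sources={','.join(incident['sources'])} rules={incident['rules']}")
```

Running it turns nine raw alerts into four incidents and escalates exactly one: the workstation that the EDR, SIEM and NDR each flagged independently within a minute. The four identical failed-logon alerts collapse to a single low-score record, and a lone unsigned-binary alert stays below the threshold. The weights and window are deliberately crude; the point is that triage rules like these are the part of the stack that actually decides whether a human ever sees the signal, and they need an owner as much as the sensors do.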

The question isn’t just “are we being monitored?” It’s “is anyone actually seeing, understanding, and acting on these signals?”

Buying our way out of dread

There’s a sales argument that almost always works: “Do you have X in place? No? Then you’re exposed.”

So you buy X. Then Y comes along. Then Z. Every new threat paired with a corresponding product. Every audit revealing a gap that can be filled with another tool. The cybersecurity shopping cart never empties — it only ever gets fuller.

Consider the product portfolio of any major cybersecurity vendor today. Firewall, VPN, EDR, SIEM, SOAR, WAF, CASB, SASE, NDR, DLP, PAM, IAM, NAC, deception technology, threat intelligence, vulnerability management — and the list keeps growing. That’s before you account for the fact that there are multiple competing products in each category.

The result: organisations end up with ten, fifteen, twenty tools. Across multiple vendors. With separate consoles, separate licensing models, separate update cycles. Each one promised to solve a problem. Some of them do. Some are sitting on default settings, largely forgotten. Some are actively creating vulnerabilities because nobody’s keeping them updated.

There’s a term for this: security theater. The system looks protected. The reality is something else.

Who’s actually managing all of this?

It’s the question that rarely gets asked before the purchase. Every solution needs maintenance: configuration, updates, alert review, integration with everything else. That takes time and people who know what they’re doing.

A small IT team managing ten different security tools is not more secure than the same team managing five well-maintained ones. Often it’s the opposite.

Next up: how to find the balance — and why “less is more” isn’t a lazy approach. It’s a strategic choice.