Google report shows CISOs must embrace change to stay secure

Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of escalating risks, outdated strategies, and a pressing need for transformative change.

The status quo is unsustainable

Despite high confidence among security leaders (96% feel capable of managing their environments), a gap exists between perception and reality. The hybrid work shift and the adoption of generative AI have introduced new vulnerabilities that current security measures often fail to address. Alarmingly, 63% of organizations believe their technology landscape is less secure than before, highlighting a disconnect between existing strategies and emerging threats.

Adding more tools is not the answer

Many organizations rely on incremental fixes, such as increasing cybersecurity insurance or adding more tools. However, these measures could be more effective. 61% of companies now use more security tools than two years ago, yet incidents remain frequent and costly. Enterprises using ten or more security tools reported higher incident rates and incurred greater costs than those with fewer tools. This highlights a growing need for a streamlined approach rather than a patchwork of solutions.

“Our latest research underscores a critical insight: legacy technology is a significant security risk, and simply adding more security tools isn’t the answer. Instead, organizations need to prioritize inherently secure products and a proactive, built-in approach to security.” said Andy Wen, Senior Director of Product Management, Security, Google Workspace. “The modern threat landscape, amplified by the rise of generative AI, demands a fundamental shift in how we approach cybersecurity. The future of security lies in solutions that are secure by design, not in security as an afterthought,” Andy Wen, Senior Director of Product Management, Security, Google Workspace, told Help Net Security.

The mid-market: Ready for transformation

Mid-market organizations (300-999 employees) are particularly vulnerable. Burdened by legacy technologies and complex environments, they show higher levels of anxiety about security risks compared to larger enterprises. Yet, there is a clear willingness to adapt, with 82% of mid-market leaders actively reconsidering their approach to security. Their openness to adopting cloud-native and unified security solutions indicates a readiness for significant change.

A call for strategic overhaul

The report emphasizes the urgent need for a paradigm shift. Instead of layering more tools, CISOs should focus on consolidating their security stack and adopting solutions that are secure by design. The embrace of generative AI, seen as a double-edged sword, could play a key role in increasing threat detection and response capabilities if integrated thoughtfully.

For CISOs, the message is clear: The traditional, reactive approach is no longer sufficient. Proactive, strategic change is essential.