Cybersecurity investment is at an all-time high, yet breaches continue to rise.

Are you fixing the wrong problem?

Olivia Pickering
Marketing Executive

May 5, 2026

According to insights from DTP Group’s CTRL ALT Disrupt podcast, the issue is not a lack of tools, awareness or spending; it is that organisations are solving the wrong problem.

Experts warn that the vast majority of breaches are not caused by sophisticated attacks, but by known vulnerabilities with existing fixes that organisations fail to address.

 

Most businesses treat the symptoms, not the problem

Many organisations focus heavily on detecting and responding to threats. But this approach overlooks the root cause of most security issues.

Greg van der Gaast, cybersecurity expert and former ethical hacker, explains:

“We are not actually dealing with the problem. We are dealing with symptoms of the problem and never getting to the underlying cause.”

In practice, this means businesses are continuously investing in tools to monitor, detect and mitigate risks, without addressing how those risks are created in the first place.

Most security breaches are preventable

A key insight from the discussion is that the overwhelming majority of breaches stem from known issues.

These vulnerabilities often:

  • Have already been identified
  • Have available fixes or patches
  • Have existed within systems for months or years

In many cases, organisations are not being breached because attackers are highly sophisticated, but because basic issues remain unresolved.

Why tools can actually make the problem worse

While security tools play an important role, over-reliance on them can increase complexity.

Each additional tool introduces:

  • More systems to manage
  • More dependencies
  • More potential points of failure

In some cases, security solutions themselves have created major disruption, highlighting the risks of adding layers without addressing underlying issues. The result is a cycle where organisations continue to invest in reactive measures, while the root causes remain unchanged.

“Security is not something you do. It is a consequence of how businesses operate.”

Greg van der Gaast, Cyber Security Expert

Security is a business problem, not a technical one

One of the most important shifts highlighted in the podcast is the need to rethink how cybersecurity is defined. Rather than being treated as a standalone technical function, security is a direct consequence of how a business operates. It is shaped by how systems are designed, how processes are structured, how teams are incentivised and how decisions are made across the organisation.

Without addressing these underlying factors, security issues will continue to surface regardless of how much organisations invest in tools or mitigation.

The cost of getting it wrong

The impact of poor cybersecurity extends far beyond the initial breach. In one example discussed, attackers were able to gain full administrative control of an organisation’s entire environment within hours, despite the business passing previous security tests.

In other cases, the cost of recovery has far exceeded the breach itself, driven by inefficient systems and a lack of operational capability. This points to a wider issue: weak IT foundations do not just increase risk, they also make it significantly harder and more expensive to respond when something goes wrong.

How to fix the root cause

Experts argue that organisations need to move away from reactive security and take a more strategic approach. This means understanding why vulnerabilities exist in the first place, addressing the process and design issues that create them, and improving how systems are built and maintained over time. Security tools still play an important role, but their value lies in identifying patterns and signals, not just fixing individual issues.

In many cases, what appears to be thousands of separate vulnerabilities can be traced back to a small number of underlying problems. As cybersecurity investment continues to grow, the findings suggest that more spending alone will not reduce risk. Until organisations address how vulnerabilities are created, breaches will remain a persistent issue.

Ultimately, cybersecurity is not failing due to a lack of technology; it is failing because businesses treat an organisational problem as a technical one.

More about the Podcast

DTP Group’s CTRL ALT Disrupt podcast explores the real challenges facing IT leaders and organisations navigating digital transformation. Hosted by BBC weather presenter Abbie Dewhurst, the six-part series features industry experts and business leaders discussing the structural and cultural issues shaping technology, performance and security. 

Available on Spotify, Apple Podcasts and YouTube.
