The potential for #cybersecurity spending is limitless.

There’s literally no end to the time, effort and money you could spend on adding more checks and controls to make things more ‘secure’ ad infinitum.

The result is extreme cybersecurity ideologies, ‘secure everything just in case’.

And if you’re responsible, and accountable, for running a cybersecurity programme there are no incentives to not keep demanding for more.

Because if you’re a security extremist, and you still get hacked, at least you can say you did everything in your power to make things more ‘secure’.

It takes real guts and courage to be a cybersecurity non-extremist and advocate for an informed risk approach.