Cyber today and tomorrow – why security is more than IT

Most of my work revolves around IT strategy and transformation. Cybersecurity, I used to think, was the domain of specialists – something handled by security teams and auditors. But over the past months, as I read more, worked with colleagues, and helped shape our go-to-market, I realized how deeply it connects to every transformation.

One fact in particular stayed with me: attackers are already collecting encrypted data today, storing it until future technologies, like quantum computing or advanced AI, can break it open.

It made me think. Even if we do everything right today, tomorrow’s technology might turn yesterday’s data into today’s problem. Security isn’t a fixed state. It’s a race against time.

Cyber Today: the reality we live in

When talking to leaders, I often hear: “We have firewalls, we’re compliant, we’re secure.”

But the reality looks different:

• Checklists over resilience: compliance with NIS2, DORA, GDPR is necessary, but often reduced to ticking boxes.

• Tech-driven defense: firewalls, antivirus, and Security Operations Centers: useful, but mostly reactive.

• Alert fatigue: security teams drown in false positives while real threats slip through.

• The illusion of safety: organizations believe they’re protected, until the first real incident.

  
  

And here’s the catch: when an attack happens, you can’t simply “switch off” the problem. Business continues, only exposed.

Cyber Tomorrow: what’s coming next

The next wave will fundamentally reshape the field:

1. AI vs. AI: attacks will be more automated, more personalized, harder to detect.

   Without intelligent, automated defenses, traditional cybersecurity will simply be outpaced.

2. Data harvesting for the future: data stolen today may be cracked tomorrow. Quantum computing could reduce what feels “safe” now to seconds of decryption.

3. Trust as the new perimeter: yesterday: firewalls. Today: zero trust. Tomorrow: visible trust. Customers and partners will only share data where security is not just present, but tangible.

4. From shield to nervous system: cyber will move beyond defense to become sensorics, detecting geopolitical shifts, supply chain fragility, even market risks.

5. Integration by design: security can’t be bolted on. It has to be embedded in every transformation, every migration, every AI program from the start.

What this means for business

Preparation is everything

The question isn’t if you will face an attack, but how fast you can respond when it happens. Speed of detection, containment, and recovery is what defines resilience. Companies that prepare scenarios, test their response, and train their people can absorb a hit and keep going. Those that don’t are forced to improvise under pressure and usually at the highest cost.

From IT issue to board agenda

Cybersecurity can no longer be treated as a technical problem buried in IT. The risks are strategic: operational shutdowns, reputational damage, regulatory fines, and even loss of customer trust. That means cybersecurity belongs on the board agenda, alongside finance, growth, and operations. It requires governance, accountability, and executive ownership, not just technical fixes.

From blocker to enabler

Too often, security is seen as the department that says “no.” But when it’s built into systems and processes from the start, security enables faster adoption, more confident innovation, and stronger customer relationships. Trust becomes an asset. Instead of slowing things down, security by design accelerates change, because everyone knows the foundation is solid.

At my company, we don’t see cybersecurity as an isolated service. We see it as an integral part of transformation. Security by design, not by afterthought.

Closing Reflection

What struck me most is the gap between perception and reality. Many companies believe they’re safe. The real question is: for how long?

Cyber isn’t just a specialist discipline. It touches every transformation, every project, every decision.

So let me turn it around: when did cybersecurity become real for you?