Published on: March 12, 2025
A new report from CISOs Connect highlights a mounting crisis in cybersecurity: cybersecurity debt — the accumulation of outdated and misconfigured security measures — has left organizations more vulnerable than ever.
The 79-page report was authored by 10 leading Chief Information Security Officers (CISOs) and sponsored by Nagomi Security. It details how decades of patchwork security fixes have created inefficiencies, inflated risk, and left businesses struggling to protect themselves.
“Cybersecurity debt is one of the most pressing challenges security teams face today,” said Robert Turner, CISO at Penn State University and the report’s executive editor.
He explains that instead of addressing underlying security gaps, companies have layered new tools over old systems, creating a tangled mess.
“For decades, security teams have layered new tools and processes on top of old ones without fully addressing underlying gaps,” Turner added. “This report shares real-world insights from security leaders who understand that cybersecurity debt is a business risk, not just a security issue.”
The report includes insights from CISOs at major organizations like Hard Rock and PGA Tour Superstores, offering real-world perspectives on how businesses can quantify and manage cybersecurity debt. Unlike vendor-backed research, the document is a peer-driven effort, providing an unfiltered look at the problem and potential solutions.
Experts warn that simply increasing security budgets isn’t enough.
“More spending hasn’t equaled better security—it’s just created a web of disconnected tools and processes that make proving security’s effectiveness nearly impossible,” said Emanuel Salmona, CEO of Nagomi Security. “This report brings to light how cybersecurity debt is compounding risk and provides a roadmap to regain control.”
“Cybersecurity debt is one of the biggest risks organizations have to grapple with today, and this report powerfully lays out this argument while charting a course to redress it,” said Lock Langdon, VP & CISO at Aprio. “The fact that this report is vendor-neutral cements its impact.”