In todays world technology usage had increased and so is complexity. Cutting edge technology stacks are helping companies to enhance the offerings and grow leaps and bounds. At the same time companies should also focus on evaluating the technologies and controls which can help them to protect and ensure these tech stacks are secure enough.
The challenge is almost 90% of the companies which are emerging are focusing only on functionality part until they have been hit by some or the other cyber security attack. People consider security as cost center or as additional burden. Companies only reliase security is required after post attack or if its coming from regulator and at that that they have to pour in huge funds in enhancing security posture of organizations.
Most of the companies say there is no budget for security before any attack or regulatory requirement. Post to the attack or some fine from regulator companies become comfortable for information security spendings.
This needs to be changed before attackers make companies the next target or before any fine is slapped to the companies. The best way to change this is make key executives understand the importance of security and showcase the value which security can bring in to the table if done rightly.