Matt Poulton at Forescout argues that it’s visibility, not just technology, that defines today’s cyber-security leadership
The role of the CISO is undergoing a quiet transformation. Once defined by being the most highly skilled person in the room, with deep technical knowledge of security, these leaders are now expected to operate more like business executives or cyber-COOs, negotiating budgets, articulating risk at board level and aligning their functions with strategic outcomes.
It’s a natural evolution. Like all leadership positions, the higher you rise, the less time you spend hands-on, and the more time is devoted to communication, persuasion and strategic planning. But in cyber-security, this shift comes with a unique challenge: the more distant you are from the technical front lines, the harder it becomes to maintain an accurate picture of your organisation’s real security posture.
That challenge is not theoretical. It’s showing up in the data.
A confidence divide between executives and practitioners
Two recent studies illustrate just how deep the gap in operational readiness perception has grown between business leaders and front-line security professionals.
Bitdefender found that CISOs were significantly more confident than mid-level managers in their organisation’s ability to manage growing cyber-risks (45% vs. 19%).
Meanwhile, Darktrace’s State of AI Cybersecurity report shows the reverse when it comes to AI threats: senior executives are more confident in their AI readiness than the technical teams who deal with those threats daily. Just under half of security engineers and SOC practitioners believe their organisations are prepared for AI-driven attacks, compared to 62% of executives.
These discrepancies are a reflection of structural misalignment and, sometimes, reality. Each level of the organisation interprets security data through different lenses, shaped by the tools, responsibilities and communication channels specific to their role.
From the SOC analyst to the CISO to the boardroom, insights are filtered, summarised and reframed at each step, and sometimes not in the way that best serves the problem at hand. The result is an inconsistent understanding, misaligned priorities and fractured security strategies.
Why visibility is the starting point
One of the biggest drivers of this disconnect is risk posture or, in simple terms, visibility, or rather the lack of it. As the boundaries between IT and OT dissolve and as more unmanaged, non-traditional devices connect to corporate networks, the old perimeter model no longer applies. Gone are the days when protecting endpoints and email gateways was enough. Today’s infrastructure includes everything from IP phones and printers to video conferencing systems, smart HVAC units and even coffee machines, many with default credentials and few with adequate protections.
These assets may seem low risk taken on an individual basis, but they represent a massive expansion of the attack surface. If you don’t know they’re there, you can’t secure them. And if you can’t secure them, you certainly can’t claim to have control over your organisation’s risk exposure.
This is especially problematic when CISOs are expected to report on risk posture with confidence. How can any leader sign off on risk acceptance when they’re unsure what’s connected to their network? What may have passed as acceptable coverage five years ago (endpoint tools, perimeter firewalls or sandboxing) now fails to account for the distributed, device-rich reality of today’s environments.
The number one thing a security leader needs is visibility: not just into the infrastructure, but into the behaviour of everything within it. And that visibility must be continuous and adaptable, because the threat landscape changes daily. Without that baseline understanding, no amount of strategic alignment or compliance reporting can fill the gap.
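The visibility gap described above can be measured rather than guessed at. The following script is an added illustration, not code from Forescout or from this article: it reconciles a constructed list of devices observed on the network (the kind of data passive discovery from DHCP, ARP or traffic fingerprinting would yield) against a constructed managed-asset inventory, then renders the same result for three audiences, matching the idea later in the piece that analyst, manager and CISO should work from one dataset seen from different angles. The MAC addresses, IPs and categories are invented sample values; `DISCOVERED`, `MANAGED`, `reconcile` and `view` are names chosen here for the example.

```python
"""Reconcile discovered network devices against the managed asset inventory
and render one shared result for three audiences.

All records below are constructed sample data, not real telemetry.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed: what passive network discovery observed (assumption: one record per MAC).
DISCOVERED = [
    {"mac": "00:11:22:aa:bb:01", "ip": "10.0.1.10", "category": "workstation"},
    {"mac": "00:11:22:aa:bb:02", "ip": "10.0.1.11", "category": "workstation"},
    {"mac": "00:11:22:aa:bb:03", "ip": "10.0.2.20", "category": "printer"},
    {"mac": "00:11:22:aa:bb:04", "ip": "10.0.2.21", "category": "ip_phone"},
    {"mac": "00:11:22:aa:bb:05", "ip": "10.0.3.30", "category": "hvac"},
    {"mac": "00:11:22:aa:bb:06", "ip": "10.0.3.31", "category": "video_conf"},
    {"mac": "00:11:22:aa:bb:07", "ip": "10.0.1.12", "category": "server"},
]

# Constructed: MACs the CMDB / endpoint-agent console believes it manages.
# Note bb:99 is in the inventory but was never seen on the wire.
MANAGED = {
    "00:11:22:aa:bb:01", "00:11:22:aa:bb:02",
    "00:11:22:aa:bb:07", "00:11:22:aa:bb:99",
}


@dataclass
class VisibilityReport:
    unmanaged: list      # discovered on the network but absent from inventory
    stale: list          # in inventory but not observed on the network
    coverage: float      # fraction of observed devices under management
    by_category: dict    # category -> (managed_count, total_count)


def reconcile(discovered, managed):
    """Compare what is actually on the network with what is believed to be managed."""
    seen = {d["mac"] for d in discovered}
    unmanaged = [d for d in discovered if d["mac"] not in managed]
    stale = sorted(managed - seen)
    totals = Counter(d["category"] for d in discovered)
    managed_counts = Counter(d["category"] for d in discovered if d["mac"] in managed)
    by_category = {c: (managed_counts[c], totals[c]) for c in totals}
    # An empty network has nothing unmanaged; avoid dividing by zero.
    coverage = (len(discovered) - len(unmanaged)) / len(discovered) if discovered else 1.0
    return VisibilityReport(unmanaged, stale, coverage, by_category)


def view(report, audience):
    """Same underlying data, filtered for the reader's role."""
    if audience == "analyst":
        # Full detail: every device to investigate, plus inventory entries to clean up.
        lines = [f"unmanaged: {d['ip']} {d['mac']} ({d['category']})" for d in report.unmanaged]
        lines += [f"stale inventory entry: {mac}" for mac in report.stale]
        return lines
    if audience == "manager":
        # Per-class coverage, to decide where to direct onboarding effort.
        return {c: f"{m}/{t} managed" for c, (m, t) in sorted(report.by_category.items())}
    if audience == "board":
        # One line of exposure in plain language, no device identifiers.
        gaps = sum(t - m for m, t in report.by_category.values())
        classes = sum(1 for m, t in report.by_category.values() if m < t)
        return (f"{report.coverage:.0%} of observed devices are under management; "
                f"{gaps} unmanaged device(s) across {classes} device class(es)")
    raise ValueError(f"unknown audience: {audience}")


if __name__ == "__main__":
    report = reconcile(DISCOVERED, MANAGED)
    for audience in ("analyst", "manager", "board"):
        print(f"--- {audience} ---")
        print(view(report, audience))
```

With the constructed data, only three of seven observed devices are under management (43%), the four unmanaged ones are all non-traditional device classes, and one inventory entry is stale; the analyst view lists each of them, the manager view shows coverage per class, and the board view states only the aggregate exposure. The point is that all three are derived from the same reconciliation, so nobody is reporting a confidence level the raw data does not support.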
The threat and opportunity of AI
AI compounds these challenges, both as a threat vector and a potential solution. On the offensive side, we’re seeing AI being used to scale attacks with frightening efficiency: adaptive malware, phishing campaigns personalised at machine speed and autonomous vulnerability discovery, for example. Adversaries no longer need to brute-force their way into systems. They can use AI to “think” their way in.
On the defensive side, however, AI offers an unprecedented opportunity to close the communication gap. By correlating data across domains, contextualising alerts and translating technical anomalies into business-relevant insights, AI-enabled tools can bridge the divide between practitioner and executive. They can tailor data to the user’s role, providing granular logs for analysts, threat summaries for security managers and board-ready dashboards for the CISO.
And boards must understand that AI threats aren’t speculative: they are active, evolving and already being exploited to some extent. That said, to avoid FUD around AI exploits, recent Vedere Labs research proved that it’s not quite time to panic yet, as AI-driven exploits have a high failure rate against organisations with robust cyber-security strategies in place.
Yet, as is the norm with research of this kind, it’s considered novel… until it isn’t. So the time to prepare policies and good cyber-security practices around AI is now, to protect organisations into the future.
A call for context-aware leadership
First, security leaders must accept that translating technical risk into business language is no longer optional; it’s foundational. Today’s CISO is less of a technologist and more of a business strategist with security expertise. They must be able to explain not just what a threat is, but what it means for the business, its obligations and its resilience.
Second, we need to improve how information flows between levels of the organisation. Rather than passing information up the chain with increasing levels of abstraction, modern security platforms should allow shared access to core telemetry, filtered and contextualised for each audience. In this model, the SOC, the security architect, the compliance officer and the CISO are all working from the same data, but seeing the angles that matter most to them. That’s how we reduce misinterpretation and bring alignment to decision-making.
Third, we must embrace training and recruitment strategies that prioritise communication and contextual thinking. Not every security role requires deep coding knowledge, but nearly all require an understanding of how security risk impacts operations, compliance and reputation. Security professionals of the future will need to be part technologist, part strategist, part translator.
The bigger picture
The real shift here is philosophical: cyber-security must be viewed as a business function, rather than a mere technical discipline. Leaders are being asked to justify investment not with promises of ROI or competitive agility, but with the language of insurance: risk reduction, compliance readiness, continuity and trust.
Security tools should support that shift. They should help security teams quantify risk, visualise gaps and communicate with clarity. And while no tool can fully eliminate the challenges of complex environments or emerging threats, they can ensure that everyone, from analyst to board member, is seeing the same reality.
If boards believe they’re well protected while frontline defenders see serious gaps, investment decisions may be misaligned, response priorities delayed, and risk levels misunderstood. A fragmented view of the organisation’s true exposure undermines the agility and decisiveness needed to respond to evolving threats. Adversaries thrive on that ambiguity.
Ultimately, the most dangerous vulnerability isn’t a misconfigured device or an unpatched system. It’s a false sense of security born from incomplete understanding. If you want to lead in cyber-security today, visibility is just the start. The real job is turning that visibility into shared, strategic action, before attackers do it for you.
Matt Poulton, GM and VP International at Forescout
© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543