Why simplicity is your best defence in the AI era

Alexander Värä
Director, Global Security Business

Security leaders know their world is changing fast. They are trying to stay oriented while the ground keeps shifting beneath them, and AI is accelerating the pace. What once took an attacker days or weeks can now happen in minutes. At the same time, the growing use of generative and agentic AI is expanding the threat surface, often faster than security teams can govern it.

How should leaders respond when facing such pervasive unpredictability? Based on years of working with security teams across industries, I suggest focusing on an important factor we can control: security complexity.

The problem isn’t always too little security. Often, it is too much of the wrong kind.

Most organisations today invest heavily in their defence, equipping capable people with serious budgets and a growing arsenal of tools. Yet, despite this investment, the same concerns often surface: overstretched teams are stuck fighting fires, strategic work is sidelined, and despite a flood of alerts, there’s little confidence that the real threats are being seen.

This operational dysfunction usually isn’t caused by a lack of security technology, but by the fact that, over many years, organisations have accumulated too much of it. The best intentions to have the strongest possible security capability have, ironically, made these organisations more vulnerable.

Every additional tool, policy exception, or patched-together integration creates a potential blind spot. Signals fragment. Ownership blurs. Critical context remains trapped in siloed systems. Attackers rarely need sophisticated techniques to breach a network; they just need gaps. And complex toolchains create them.

And when an incident happens, speed of response is crucial. But a bloated security stack makes quick, confident action harder. Teams have to stop and check which system is authoritative and who owns which control. That friction matters. Slow response is not always a skills problem. Very often, it is an architecture problem.

This friction not only takes a toll on operations, but on people as well, increasing the cognitive load and the risk of error and oversight. Recent research by HBR shows the emergence of “AI burnout”, as automation not only increases productivity but also the velocity of human work. Security teams know this strain intimately, and complexity multiplies its effects. When analysts are forced to navigate overlapping tools, inconsistent policies, and fragmented documentation, they have less bandwidth for high-stakes decisions. Alert fatigue rises, knowledge silos harden, and resilience suffers—a burden felt acutely by lean teams in mid-sized organisations.

And to make things worse, the tool sprawl consumes budget that could be used to alleviate the strain. Duplicated capabilities, overlapping licences, and integration overhead represent wasted spend that could be deployed to fund strategic solutions, bolster expertise and lighten the load on overstretched teams.

AI is making excessive complexity untenable

These issues aren’t new and neither is the technical debt that causes them. They’re the natural byproduct of years of necessary work to patch together security for a landscape that’s always changing. But today, friction, gaps, fatigue, and budget sinkholes aren’t merely suboptimal. They’ve become a major liability because of AI.

Generative AI has already accelerated phishing, social engineering, and content-based attacks. Agentic AI raises the stakes again because systems can now take actions across tools and environments with less human intervention. That means the old weaknesses created by fragmented tooling, such as limited visibility, unclear ownership, and inconsistent controls, become far easier to exploit at speed. And the volume of attacks and potential burden on teams is only likely to rise.

This is one reason secure AI adoption is becoming such an important security priority. It is not only about new threats. It is about whether the underlying security architecture is coherent enough to absorb another layer of operational complexity without increasing risk.

Simplified security as a resilience strategy

In an era of AI-powered threats, simplicity is not a compromise, but an imperative. The organisations that handle the next wave of cyber risk best will not necessarily be the ones with the broadest array of best-in-breed tools. More likely, they will be the ones with the clearest architecture, the strongest identity foundations, and the most disciplined operating model. By being intentional with their spending, these organisations will also have the financial headroom and flexibility to reallocate finite resources if there’s a black swan event.

So where do we start to address this? The objective is not to sacrifice capability or cut costs for the sake of it, but to take a step back, rationalise and realign your security stack, key processes, and architecture, so that they serve today’s requirements and give you the agility to respond to what tomorrow may bring.

In practical terms, that usually involves four steps:

  1. Review your security architecture and tooling

    Assessing what you have, mapping dependencies and overlaps, and understanding your true TCO and licensing commitments is an essential first step in optimisation.

  2. Evaluate and deploy strategic solutions

    Integrated security platforms provide capability and coverage at a lower TCO than a multitude of point tools, while giving you a foundation to cut complexity. The nature of your estate and your unique security priorities should determine which solution is the best fit. For instance, Microsoft Defender XDR may offer the greatest value for Microsoft 365-heavy environments, but heterogeneous estates may require a different strategic fit.

  3. Consolidate the security stack where it makes sense

    Fewer tools with clearer roles mean fewer handoffs, fewer gaps, and less duplication. The goal is not consolidation for its own sake. It is consolidation where native integration improves coverage, response, and accountability.

  4. Continuously optimise and reinvest strategically

    Resilience is a journey that requires continuous improvement and adaptation. Review performance and rationalise your tooling regularly. Savings from security optimisation should be reinvested in capabilities that increase resilience and innovation.

Of course, it can be a challenge to confidently retire and replace tools when the security and operational continuity of your business is at stake. This is where vendor-neutral solutions expertise can really help. Bringing in a partner that works across industries, environment types and solutions can provide the insight and know-how you need to act with assurance. They can also provide managed services that help incubate refreshed security processes so that change causes minimal disruption.

If there is one takeaway from this post, it is this: the vulnerability that matters most may not be an external threat at all. It may be the unnecessary complexity built into your own security environment that you battle with while you try to secure disruptive technologies. Having the simplest viable security means your organisation not only becomes more efficient and agile, but also more resilient.

Your cyber resilience strategy is crucial. But you don’t have to do it all alone.

On 27 May I’ll be heading to Prague to join a host of experts at the Cybersecurity Forum, where we’ll explore strategies to optimise security and governance for the agentic era. I hope you can join us there or connect online. You can find the link to the registration page below.

Join us at Cybersecurity Forum 2026

The cost of complexity is rising as AI accelerates innovation and risk. Get more expert perspectives on how to adapt at the 6th annual Cybersecurity Forum – in Prague and online.
