A panel of five C-suite leaders discussed how cybersecurity success is measured and why it isn’t improving results, in a Dark Reading feature published on 7 April 2026. The discussion highlighted a persistent misalignment between investments and outcomes, with Andrew Rubin noting that breaches, their size, and economic losses have risen year after year.
Lie 1 identified is that activity equals progress, with Theresa Payton arguing that success is defined by reduction of threat surface rather than checklists and compliance metrics. The panel also emphasised that you cannot protect everything, a point echoed by Nationwide Building Society’s David Boda, who said half his time is spent on response and recovery.
They stressed threat modelling should be grounded in written analyses and that attackers come from all parts of the landscape, including socially motivated actors, a reality underscored by the evolving role of AI in lowering barriers to entry.