Cyber-security incidents seem to be falling. Zac Warren of Tanium explores what this means for business leaders interpreting risk and performance metrics

For many business leaders, recent cyber-security metrics appear reassuring. Fewer reported incidents. Fewer confirmed breaches. A sense that, at last, risk may be coming under control.
But what looks like progress may in fact be a widening visibility gap — and attackers thrive in the dark.
New research suggests that declining cyber-security incident numbers do not necessarily indicate improved security. In fact, they may point to the opposite: growing blind spots driven by skills shortages, operational complexity, and a lack of real-time visibility across modern IT environments.
Enterprise Strategy Group (ESG) analysis shows that while fewer organisations say they have experienced cyber-incidents over the past two years, the number reporting no incidents at all has more than doubled. At first glance, this looks like progress. But dig deeper and a more troubling explanation emerges.
According to the report, organisations with weaker visibility and known skills gaps are significantly more likely to report zero incidents. Not because attacks aren’t happening, but because they are going undetected. More mature organisations, by contrast, often report more incidents precisely because they can see them.
In cyber-security, ignorance is not safety. It is exposure.
When “better numbers” hide growing risk
Cyber-security performance has long been measured through headline metrics: number of incidents, time to remediation, breach counts year on year. These figures are simple, board-friendly, and comforting when they trend downwards. Yet in today’s environments – hybrid work, cloud sprawl, unmanaged endpoints and constant change – such metrics can be misleading.
Many organisations simply do not have a complete, real-time understanding of their IT estates. Devices connect and disconnect. Assets appear and disappear. Systems fall out of compliance without triggering alerts. When teams lack the skills or tools to maintain continuous visibility, attacks that exploit those gaps can pass unnoticed.
ESG’s research highlights this disconnect clearly. Respondents who reported skills shortages in areas such as vulnerability management and incident reporting were far more likely to say they had experienced no cyber-attacks at all. Meanwhile, organisations with stronger operational maturity reported higher incident rates, because they were better equipped to detect suspicious activity.
The implication for business leaders is stark: improving cyber-security numbers may sometimes signal blindness, not resilience.
Complexity, skills gaps and distorted decision-making
This challenge is compounded by the widening cybersecurity skills gap. Teams are under pressure to secure increasingly complex environments with fewer resources, less time and limited specialist expertise.
At the same time, technology stacks have grown fragmented. Security and IT operations tools often operate in silos, generating partial views of risk rather than a shared understanding of what is happening across the organisation.
In this environment, leaders may make decisions based on incomplete or outdated information. If dashboards show fewer incidents, investment may be redirected elsewhere. If alerts are quiet, risk may be assumed to be low. But without continuous, high-fidelity visibility, these conclusions rest on shaky ground.
False confidence is particularly dangerous because it delays action. It encourages organisations to believe they are safer than they really are – until a serious incident proves otherwise.
Visibility is a leadership issue, not just a technical one
One of the most important lessons from ESG’s findings is that visibility is both a technical metric and a strategic capability.
Organisations that can see their environments clearly are better positioned to detect anomalies, identify emerging threats, and respond decisively. Those who cannot are left reacting to events after damage has already been done.
This requires breaking down traditional barriers between IT operations and security teams, aligning them around shared data, shared tools and shared accountability. Visibility improves when teams work from a common, trusted view of the environment – it gives them confidence in their actions and significantly improves security.
But visibility alone is not enough. Leaders must also ask whether their organisations can act on what they see.
From awareness to action with autonomous IT
This is where autonomous IT becomes a differentiator. Autonomous IT uses real-time data, intelligence and automation to reduce reliance on manual intervention for routine, time-critical tasks. It enables systems to detect issues, assess risk, and take appropriate action within guardrails defined by human teams.
For organisations facing acute skills shortages, this shift is critical. ESG research shows that nearly half of respondents identify AI and machine learning implementation as a top skills gap – exceeding even cloud security. Automation is now as much about resilience as it is efficiency.
By handling repetitive, error-prone tasks autonomously, organisations can free skilled professionals to focus on higher-value work: investigating root causes, improving policies, and strengthening defences. More importantly, autonomous IT helps ensure that visibility translates into timely action, rather than alerts piling up unanswered.
Addressing concerns around control and trust
Understandably, some leaders worry that greater autonomy means losing oversight or control. In reality, when implemented responsibly, the opposite is true.
Autonomous IT should operate within clear boundaries, with transparency, auditability and human oversight built in. Leaders should expect systems to provide evidence-based confidence: showing why actions are taken, how success is measured, and when escalation is required.
Phased deployment, role-based controls and continuous monitoring allow organisations to adopt autonomy without sacrificing accountability. When humans remain firmly in the loop – setting policy, validating outcomes and intervening when necessary – autonomy becomes an amplifier of expertise, not a replacement for it.
Separating resilience from reassurance
The key message for business leaders is simple: quieter dashboards do not automatically mean lower risk.
In a complex threat environment with limited talent pools and expanding attack surfaces, true resilience is defined by visibility, responsiveness and confidence grounded in evidence. A resilient organisation should be able to answer three questions with confidence: What assets do we have? What is their current state? And can we remediate issues immediately? If any of these answers are unclear, visibility — not risk — is the real problem.
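The three questions above, and the earlier point that assets appear, disappear and fall out of compliance without triggering alerts, can be turned into a concrete check. The script below is an added example, not code from the article or from Tanium: it reconciles a CMDB against DHCP leases and EDR agent check-ins (all constructed sample data), counts the hosts with no current telemetry, and refuses to treat an incident count as meaningful when coverage is below a threshold. The source names, the 24-hour staleness window and the 90 per cent coverage floor are assumptions chosen for illustration.

```python
"""Visibility-gap check: is a low incident count trustworthy?

Added example (not from the article or Tanium). All hosts, check-in ages
and incident counts below are constructed sample data.
"""
from dataclasses import dataclass

# --- Constructed sample data ---------------------------------------------
# Assets the organisation believes it owns (CMDB) versus assets actually
# seen on the network (DHCP leases).
CMDB = {"web-01", "web-02", "db-01", "hr-laptop-7", "fin-laptop-3"}
DHCP_LEASES = {"web-01", "web-02", "db-01", "hr-laptop-7", "fin-laptop-3",
               "contractor-vm-9", "printer-2"}
# EDR agent check-ins: host -> hours since the agent last reported.
# A host that has not reported recently has an unknown current state.
EDR_LAST_SEEN_HOURS = {"web-01": 1, "web-02": 3, "db-01": 40}
# Confirmed incidents per host over the reporting period.
INCIDENTS = {"web-02": 2}


@dataclass
class VisibilityReport:
    known: set        # every asset seen by any source
    unmanaged: set    # on the network but absent from the CMDB
    stale: set        # agent installed but not reporting recently
    blind: set        # known assets with no current telemetry
    coverage: float   # fraction of known assets with current telemetry
    incidents: int    # total confirmed incidents
    verdict: str      # how to read the incident count


def assess(cmdb, dhcp, edr_last_seen, incidents,
           max_age_hours=24, min_coverage=0.9):
    """Reconcile asset sources and qualify the incident count by coverage."""
    known = set(cmdb) | set(dhcp)
    unmanaged = set(dhcp) - set(cmdb)
    # "What is their current state?" - an agent that has gone quiet for
    # longer than max_age_hours cannot answer that question.
    stale = {h for h, age in edr_last_seen.items() if age > max_age_hours}
    covered = {h for h in edr_last_seen if h in known} - stale
    blind = known - covered
    coverage = len(covered) / len(known) if known else 0.0
    total = sum(incidents.values())
    # The incident count is only interpretable when most of the estate can
    # actually produce an alert. Zero incidents with low coverage is a
    # visibility gap, not evidence of low risk.
    if coverage < min_coverage:
        verdict = "VISIBILITY GAP"
    elif total == 0:
        verdict = "QUIET WITH COVERAGE"
    else:
        verdict = "INCIDENTS DETECTED"
    return VisibilityReport(known, unmanaged, stale, blind,
                            coverage, total, verdict)


if __name__ == "__main__":
    r = assess(CMDB, DHCP_LEASES, EDR_LAST_SEEN_HOURS, INCIDENTS)
    print(f"known assets      : {len(r.known)}")
    print(f"unmanaged         : {sorted(r.unmanaged)}")
    print(f"stale agents      : {sorted(r.stale)}")
    print(f"no telemetry      : {sorted(r.blind)}")
    print(f"coverage          : {r.coverage:.0%}")
    print(f"incidents         : {r.incidents}")
    print(f"verdict           : {r.verdict}")
```

On the sample data the report shows two hosts the CMDB has never heard of, one agent that has gone quiet, and telemetry from only two of seven known assets, so the two recorded incidents are reported alongside a "VISIBILITY GAP" verdict rather than as a standalone number. The same function run on an estate with full, current coverage and no incidents returns "QUIET WITH COVERAGE", which is the only case in which a quiet dashboard should reassure anyone.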
Falling cyber-numbers may feel reassuring, but leaders must ask harder questions. Are incidents genuinely decreasing, or are they simply going unseen? Do teams have the skills and tools to detect subtle anomalies? And can the organisation respond at the speed today’s threats demand?
Those that confront these questions honestly – and invest accordingly – will move organisations toward genuine cyber-resilience and real confidence in their systems.
Zac Warren is Chief Security Advisor at Tanium
Main image courtesy of iStockPhoto.com and Yuliya Taba

© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543