{"id":197782,"date":"2026-03-20T11:19:00","date_gmt":"2026-03-20T15:19:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/20\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/"},"modified":"2026-03-20T15:55:15","modified_gmt":"2026-03-20T19:55:15","slug":"silence-in-the-breach-why-cybersecurity-is-a-leadership-problem","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/20\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/","title":{"rendered":"Silence in the Breach: Why Cybersecurity Is a Leadership Problem"},"content":{"rendered":"<p><a href=\"https:\/\/www.techerati.com\/news-hub\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/\">Silence in the Breach: Why Cybersecurity Is a Leadership Problem<\/a><\/p>\n<p><a href=\"https:\/\/www.techerati.com\/news-hub\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/\">https:\/\/www.techerati.com\/news-hub\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-20 11:19:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.techerati.com\">www.techerati.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. At Tech Show London, Former Chief Security Advisor at Microsoft, Sarah Armstrong-Smith, delivered a keynote that reframed one of cybersecurity\u2019s most persistent assumptions.Rather than centring on tooling, encryption, or perimeter defences, she examined leadership culture, psychological safety, and the structural conditions that allow risk to escalate. The issue, she suggested, is not employee carelessness. It is whether organisations are designed in ways that make silence the rational response.She began by highlighting a phrase that is, in her words, \u201cguaranteed to kind of wind me up\u201d:\u201cThe weakest link.\u201dFor Armstrong-Smith, the idea that people are inherently the weakest link obscures deeper structural failings. Phishing simulations, repeat-offender policies, and internal jokes about uninformed and reckless users may be intended to increase vigilance, but they can also entrench blame culture. At a time when attacks are becoming more sophisticated, simplistic narratives fail to address systemic vulnerabilities.Shadow IT, Shadow AI and Structural Blind SpotsArmstrong-Smith reminded the audience that workarounds are not a new phenomenon.\u201cWe\u2019ve all always had Shadow IT.\u201dEmployees adopt unsanctioned tools when official systems feel restrictive or slow. More recently, she noted, organisations are contending with \u201cShadow AI\u201d \u2013 the informal use of AI tools outside established governance frameworks.The underlying issue is visibility. If leadership teams do not understand how technology is actually being used \u2014 rather than how policy assumes it is used \u2013 then controls become misaligned from reality. The gap between assumed behaviour and operational behaviour creates exposure.\u201cWhat you think you\u2019re protecting and what you\u2019re actually protecting are two completely different things,\u201d she illustrated through examples.In this context, security failure is often less about technical capability and more about structural blind spots.Apathy as Organisational RiskArmstrong-Smith argued that the most consequential vulnerability is neither Shadow IT nor AI-enabled attack vectors. It is disengagement.\u201cThe most dangerous thing in your organisation\u2026 is when we start to have apathy.\u201dShe described employees who feel overlooked, undervalued or fearful of repercussions. When mistakes occur in such environments, they go unreported.\u201cDo you know what? I don\u2019t care. I don\u2019t care anymore.\u201dSilence allows risk to compound.She also addressed insider threats, noting that they are not always accidental or na\u00efve.\u201c30% of all inside threats are now super malicious users.\u201dIn these cases, individuals understand organisational systems well enough to exploit them deliberately. Yet the conditions that allow such behaviour to persist often stem from cultural disengagement rather than technical weakness.AI, Deepfakes and the Escalation of Social EngineeringThe keynote also examined how AI is reshaping deception.Phishing emails no longer rely on obvious grammatical errors. Deepfake technology can replicate voice and likeness with increasing precision. Attackers monitor social media and tailor language to specific individuals.The distinction between human and machine deception is narrowing.\u201cHow if the machine can\u2019t tell the difference, how can a human?\u201dArmstrong-Smith questioned the fairness of expecting employees to detect deception that advanced detection systems struggle to identify. Despite this, when breaches occur, responsibility frequently returns to the individual rather than the system.Cybersecurity as Enterprise RiskA central theme of the keynote was the need to reposition cybersecurity within organisational governance.\u201cThis is a business problem. So this is an Enterprise risk.\u201dWhile boards acknowledge cybersecurity in principle, she argued that it is still too often framed as a CIO concern rather than a strategic one. Risk reporting dashboards are frequently sanitised, shifting red indicators toward amber or green to avoid discomfort.\u201cI don\u2019t actually care about the green\u2026 what I want is the red.\u201dEffective oversight requires confronting vulnerabilities directly. Backup systems that exist only on paper provide little resilience.\u201cHave you done your due diligence?\u201dTesting recovery processes and rehearsing worst-case scenarios are not optional exercises; they are structural safeguards.Psychological Safety as a Security ControlArmstrong-Smith positioned psychological safety as a front-line defence.When an employee clicks a malicious link or suspects compromise, rapid disclosure can significantly reduce impact.\u201cI should feel empowered to be able to say it without repercussion.\u201dWhere fear of blame suppresses reporting, attackers gain time. The organisation loses visibility precisely when it needs it most.Her conclusion centred on leadership behaviour rather than technology. Resilience depends on transparency, accountability and openness to uncomfortable truths. Threat actors will continue to innovate. AI will accelerate both attack and defence. Incidents will occur.What organisations can control is how quickly people feel able to speak up.In environments where silence persists, risk accumulates. In environments where psychological safety is embedded, disclosure becomes an early warning mechanism rather than a reputational threat.Cybersecurity, in this framing, is not only a technical discipline. It is a function of how organisations lead, communicate and respond under pressure.From Zero Trust to AI risk, security leaders share how they are strengthening resilience across complex enterprise environments.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Silence in the Breach: Why Cybersecurity Is a Leadership Problem https:\/\/www.techerati.com\/news-hub\/silence-in-the-breach-why-cybersecurity-is-a-leadership-problem\/ Publish Date: 2026-03-20 11:19:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":197783,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.techerati.com\/wp-content\/uploads\/2026\/03\/Techerati-images-2026-03-20T151043.070.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,25,27],"class_list":["post-197782","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197782"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=197782"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197782\/revisions"}],"predecessor-version":[{"id":197784,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/197782\/revisions\/197784"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/197783"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=197782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=197782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=197782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}