The article highlights the pervasive normalcy bias in cybersecurity, where organizations underestimate the risk of breaches by assuming no news means no problem. It stresses that without proactive auditing and continuous security testing, cybercriminals effectively become the unintended ‘auditors,' exploiting gaps between perceived and actual security, leading to escalating incidents despite increased awareness. To counteract this, enterprises must actively evolve their cyber resilience strategies, incorporating ongoing threat assessments, advanced detection services, and secure practices before breaches occur.
https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/