Harvard Business Review (HBR) just published a great piece that covers the challenges associated with information security tools and highlights many of the reasons that security programs often fail. Here’s the essence of the piece: Despite spending billions on tools, most organizations are seeing modest results. Nearly half the tools companies invest in go unused.
Sound familiar? It gets better. Or worse.
The article highlights various reasons why tools fail to deliver, and every single one of them will resonate with people who’ve been in the IT/security industry for a while:
Tools are acquired with no clear strategy or business alignment
There’s no consistent review or auditing process
They’re poorly integrated, creating silos of inefficiency
Most of the organization doesn’t even use them (beyond the people who bought them)
Everyone’s too busy stacking shiny objects to realize they’re solving the wrong problems 🙂
These define the term you may have heard: underimplemented. And it’s a big problem in and around IT and security.
The HBR piece also offers fixes including:
These things are straight out of the security common-sense playbook: the basics I often write about.
All good stuff, right? Well, here’s the kicker: the HBR article isn’t about security at all. It’s about marketing tech (a.k.a. martech) and was based on a CMO survey of 292 senior marketers. But it could just as easily have been written about security tools for GRC, vulnerability management, or threat intelligence…you name it!
The original HBR article is here if you want to check it out.
So here’s the question: If this kind of underutilization and overinvestment is happening in both marketing and security, what’s really broken? Is it the tools? Or is it us humans? And what other aspects of business are being affected?
I have discovered throughout the years that most challenges with security come with hair on top. How can we evolve beyond simply buying more stuff and start building systems, processes, and cultures that actually use what we’ve got?
Just some food for thought. Perhaps a checklist for your next security budget review.