Why reactive security no longer works – and what to do about it
Our attack surface has never been larger. In the span of just a few years, organizations have moved from on-premises infrastructure to cloud, layered on dozens of SaaS services, and are now deploying AI on top of all of it – with AI agents talking to other AI agents, making decisions faster than any human reviewer can track. The perimeter, as a concept, is largely gone.
And yet, according to a recent information security survey*, only 26% of organizations feel fully prepared for today’s cyber threats while 70% of ICT decision-makers say they are worried. Something does not compute.
At our February 2026 Cyber Morning event, we dug into why so many organizations remain stuck in reactive mode – and what it actually takes to change that.
The Root Cause: Resources, Not Awareness
A common assumption is that organizations are reactive because they don’t understand the threats. In Finland, for example, a great deal of information about the changing threat landscape is shared with organizations – yet breaches still happen. The more honest explanation, in most cases, is resources.
Security budgets in small and medium-sized organizations are often fixed at a point in time and then left unchanged. A firewall gets deployed. It works. Nobody revisits it. The result is that the most common vulnerability pattern seen in breach investigations is the same year after year: an old edge device with its own public IP address, sitting unpatched at the boundary of the organization on outdated firmware, open to the internet and being probed automatically around the clock.
A significant portion of organizations across Finland and the wider Nordics are still running basic EPP (endpoint protection) products. These tools offer some protection, but they were not designed for the threat landscape of 2026. Running basic EPP today is a bit like locking your front door but leaving the windows open.
There is also a dangerous false assumption at play. Many mid-market companies believe they are not interesting targets – that attackers would not bother with them because they have nothing of particular value. This is simply wrong. Attackers think in economic terms. If a threat actor spends €1 million to execute an attack and collects €10 million in ransom, the gross margin is exceptional. Organizations do not need to be strategically important to be financially attractive.
Every Organization Will Be Attacked
Every organization will be attacked, one way or another. The question is not whether it will happen but how prepared you are when it does.
This reframe matters enormously for how organizations budget, plan, and prioritize. Security is not a problem you solve once. It is a discipline you maintain continuously. The threat landscape evolves – AI is now being used by attackers to probe and exploit systems at a speed and scale no human attacker could match. A device that was reasonably safe two years ago may now be trivially compromised by an automated agent within hours of a new vulnerability becoming known.
Finnish telecom company DNA has taken this seriously at the infrastructure level. It now includes three years of automated security patching as standard with every Wi-Fi router it sells to home customers – because a five-year-old home router with no firmware updates is not just an individual problem. As an operator, DNA sees itself as the first line of defense for Finnish society, since every cyber attack ultimately travels through its network. Whatever can be blocked at that level protects everyone downstream.
This is the kind of thinking that separates reactive from proactive security: designing systems so that secure behavior becomes the default path, not something that depends entirely on individual vigilance.
What Proactive Security Actually Means in Practice
Here are concrete first steps for moving from reactive to proactive cybersecurity, drawn from our Cyber Morning panelists:
Niko Isotalo, Regional VP North, WithSecure: Start by understanding your risks – specifically, what your most valuable assets are and what threatens them. Not risk in the abstract, but the concrete question of which parts of your business would cause the most damage if compromised. Do that assessment continuously, because the answer changes as your business changes and as the threat landscape shifts.
Jussi Tolvanen, CEO, DNA: Build the capabilities and find the right partners. Mid-market organizations cannot afford to operate a full security operations center in-house. Nor should they need to. Managed security providers exist precisely to offer those capabilities as a shared resource. The hidden cost of reactive security is not just the breach itself – it is the absence of monitoring, detection, and response capability that would have caught the attack earlier, at lower cost.
Anssi Kärkkäinen, Head of the National Cyber Security Centre, Traficom: Follow the changes in the threat landscape. Resources like Traficom’s Cyber Weather publish regular updates on what is actively being exploited. There is no excuse for being surprised by threat patterns that are publicly documented.
Christine Bejerasco, CISO, WithSecure: Know your external exposures. An unpatched device inside your network perimeter is a risk. An unpatched edge device facing the open internet, in the age of AI-powered automated scanning, is an active liability.
The MSP Opportunity: From Reactive Vendor to Proactive Security Partner
For Managed Service Providers, this picture is both a challenge and a significant opportunity. Most mid-market organizations are not inadequately protected because they don’t care. They are inadequately protected because they don’t know what proactive security looks like in practice – and they lack the in-house resources to build it themselves.
This is the gap MSPs are uniquely positioned to fill. WithSecure’s research shows that 82% of customers want a single security partner who can cover all solutions, expertise, and services. Providing continuous monitoring and threat detection that mid-market customers cannot staff internally, translating threat intelligence into actionable guidance, managing patching and exposure across the customer estate, and helping customers rehearse incident response before a crisis hits – done well, this is not a commodity service. It is a genuine security uplift, and increasingly, it is exactly what NIS2 compliance requires.
The organizations that cannot yet answer “what are our crown jewels, and how exposed are they right now?” are the ones that need a proactive partner most urgently. And for MSPs building towards higher-value managed security services, those are exactly the customers worth having the conversation with.
*Source: Telenor Nordic Digital Security Report 2025: telenor.com