{"id":11774,"date":"2026-03-05T11:00:25","date_gmt":"2026-03-05T11:00:25","guid":{"rendered":"https:\/\/www.withsecure.com\/?p=11774"},"modified":"2026-06-04T06:40:59","modified_gmt":"2026-06-04T05:40:59","slug":"why-reactive-security-no-longer-works-and-what-to-do-about-it","status":"publish","type":"post","link":"https:\/\/www.withsecure.com\/en\/resources-hub\/blog\/why-reactive-security-no-longer-works-and-what-to-do-about-it\/","title":{"rendered":"Why reactive security no longer works \u2013 and what to do about it"},"content":{"rendered":"\n
\n
\n

\n Why reactive security no longer works \u2013 and what to do about it<\/span><\/h1>
\n
\n \n \n AI <\/span>\n \n MSP <\/span>\n \n Proactive security <\/span>\n <\/span>\n \n 05 March, 2026 <\/span>\n <\/div>\n <\/div>\n <\/div>
\n
\n \"\" <\/figure>\n <\/div>\n <\/div>\n<\/section>\n\n\n\n
\n
\n

Our attack surface has never been larger. In the span of just a few years, organizations have moved from on-premises infrastructure to cloud, layered on dozens of SaaS services, and are now deploying AI on top of all of it \u2013 with AI agents talking to other AI agents, making decisions faster than any human reviewer can track. The perimeter, as a concept, is largely gone.<\/p>\n

And yet, according to a recent information security survey*, only 26% of organizations feel fully prepared for today’s cyber threats while 70% of ICT decision-makers say they are worried. Something does not compute.<\/p>\n

At our February 2026 Cyber Morning event, we dug into why so many organizations remain stuck in reactive mode \u2013 and what it actually takes to change that.<\/p>\n

The Root Cause: Resources, Not Awareness<\/h2>\n

A common assumption is that organizations are reactive because they don’t understand the threats. However, for example in Finland, a significant amount of information about the changing threat landscape is being shared with Finnish organizations \u2013 yet breaches still happen. The more honest explanation, in most cases, is resources.<\/p>\n

Security budgets in small and medium-sized organizations are often fixed at a point in time and then left unchanged. A firewall gets deployed. It works. Nobody revisits it. The result is that the most common vulnerability pattern seen in breach investigations is the same year after year: an old edge device, unpatched, running an outdated firmware version sitting at the boundary of the organization with its own IP address, open to the internet, being probed automatically around the clock.<\/p>\n

A significant portion of organizations across Finland and the wider Nordics are still running basic EPP (endpoint protection) products. These tools offer some protection, but they were not designed for the threat landscape of 2026. Running basic EPP today is a bit like locking your front door but leaving the windows open.<\/p>\n

There is also a dangerous false assumption at play. Many mid-market companies believe they are not interesting targets \u2013 that attackers would not bother with them because they have nothing of particular value. This is simply wrong. Attackers think in economic terms. If a threat actor spends \u20ac1 million to execute an attack and collects \u20ac10 million in ransom, the gross margin is exceptional. Organizations do not need to be strategically important to be financially attractive.<\/p>\n

Every Organization Will Be Attacked<\/h2>\n

Every organization will be attacked, one way or another. The question is not whether it will happen but how prepared you are when it does.<\/p>\n

This reframe matters enormously for how organizations budget, plan, and prioritize. Security is not a problem you solve once. It is a discipline you maintain continuously. The threat landscape evolves \u2013 AI is now being used by attackers to probe and exploit systems at a speed and scale no human attacker could match. A device that was reasonably safe two years ago may now be trivially compromised by an automated agent within hours of a new vulnerability becoming known.<\/p>\n

Finnish telecom company DNA has taken this seriously at the infrastructure level. It now includes three years of automated security patching as standard with every Wi-Fi router it sells to home customers \u2013 because a five-year-old home router with no firmware updates is not just an individual problem. As an operator, DNA sees itself as the first line of defense for Finnish society, since every cyber attack ultimately travels through their network. Whatever can be blocked at that level protects everyone downstream.<\/p>\n

This is the kind of thinking that separates reactive from proactive security: designing systems so that secure behavior becomes the default path, not something that depends entirely on individual vigilance.<\/p>\n

What Proactive Security Actually Means in Practice<\/h2>\n

Here are concrete first steps for moving from reactive to proactive cybersecurity, drawn from our Cyber Morning panelists:<\/p>\n

Niko Isotalo, Regional VP North, WithSecure: Start by understanding your risks \u2013 specifically, what your most valuable assets are and what threatens them. Not risk in the abstract, but the concrete question of which parts of your business would cause the most damage if compromised. Do that assessment continuously, because the answer changes as your business changes and as the threat landscape shifts.<\/p>\n

Jussi Tolvanen, CEO, DNA: Build the capabilities and find the right partners. Mid-market organizations cannot afford to operate a full security operations center in-house. Nor should they need to. Managed security providers exist precisely to offer those capabilities as a shared resource. The hidden cost of reactive security is not just the breach itself \u2013 it is the absence of monitoring, detection, and response capability that would have caught the attack earlier, at lower cost.<\/p>\n

Anssi K\u00e4rkk\u00e4inen, Head of the National Cyber Security Centre, Traficom: Follow the changes in the threat landscape. Resources like Traficom’s Cyber Weather publish regular updates on what is actively being exploited. There is no excuse for being surprised by threat patterns that are publicly documented.<\/p>\n

Christine Bejerasco, CISO, WithSecure: Know your external exposures. An unpatched device inside your network perimeter is a risk. An unpatched edge device facing the open internet, in the age of AI-powered automated scanning, is an active liability.<\/p>\n

The MSP Opportunity: From Reactive Vendor to Proactive Security Partner<\/h2>\n

For Managed Service Providers, this picture is both a challenge and a significant opportunity. Most mid-market organizations are not inadequately protected because they don’t care. They are inadequately protected because they don’t know what proactive security looks like in practice \u2013 and they lack the in-house resources to build it themselves.<\/p>\n

This is the gap MSPs are uniquely positioned to fill. WithSecure’s research shows that 82% of customers want a single security partner who can cover all solutions, expertise, and services. Providing continuous monitoring and threat detection that mid-market customers cannot staff internally, translating threat intelligence into actionable guidance, managing patching and exposure across the customer estate, and helping customers rehearse incident response before a crisis hits \u2013 done well, this is not a commodity service. It is a genuine security uplift, and increasingly, it is exactly what NIS2 compliance requires.<\/p>\n

The organizations that cannot yet answer “what are our crown jewels, and how exposed are they right now?” are the ones that need a proactive partner most urgently. And for MSPs building towards higher-value managed security services, those are exactly the customers worth having the conversation with.<\/p>\n

*Source: Telenor Nordic Digital Security Report 2025: telenor.com<\/a><\/p>\n<\/div>\n <\/div>\n<\/section>\n\n\n\n

\n
\n

\n Share this story <\/p>\n

\n \n \n
\n
\n \"\"

Blog<\/p>\n <\/div>\n

\n
\n
\n AI<\/span>\n MSP<\/span>\n Proactive security<\/span>\n <\/div>\n <\/div>\n

Why reactive security no longer works \u2013 and what to do about it<\/h3>\n
\n Read more<\/a> <\/div>\n <\/div>\n<\/div>","_links":{"self":[{"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/posts\/11774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/comments?post=11774"}],"version-history":[{"count":4,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/posts\/11774\/revisions"}],"predecessor-version":[{"id":11928,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/posts\/11774\/revisions\/11928"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/media\/11776"}],"wp:attachment":[{"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/media?parent=11774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/categories?post=11774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/tags?post=11774"},{"taxonomy":"content_type","embeddable":true,"href":"https:\/\/www.withsecure.com\/en\/wp-json\/wp\/v2\/content_type?post=11774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}