The Cybersecurity Gap No One Owns: You’re Securing The Wrong Perimeter

InnovationThe Cybersecurity Gap No One Owns: You’re Securing The Wrong PerimeterByPrajkta Waditwar,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)May 08, 2026, 09:00am EDTPrajkta Waditwar, senior technology sourcing Manager at Box, focused on AI strategy, vendor ecosystems and procurement innovation. gettyCybersecurity spending is approaching $240 billion globally, according to Gartner, yet breach costs are nearing $5 million per incident based on IBM’s latest data. If investment is rising and tooling is improving, the obvious question is: Why aren’t outcomes?From where I sit, working across technology sourcing and vendor strategy, the issue isn’t effort. It’s that most organizations are still securing a perimeter that no longer exists.The enterprise boundary has dissolved. What remains is a constantly shifting network of vendors—cloud providers, SaaS platforms, data processors and AI systems embedded directly into how work gets done. IBM reports that supply chain attacks have surged significantly in recent years, reflecting how deeply vendor dependencies now shape enterprise risk.And yet most security strategies still start inside the organization.Where Risk Actually Gets DecidedCybersecurity typically shows up after the fact—after a system is deployed, after a vendor is onboarded, after data is already flowing.But risk doesn’t start there. It starts much earlier, in decisions that don’t get labeled as security decisions at all. It’s in the moment a team selects a vendor to move faster. It’s in how much access that the vendor is given. It’s in how deeply that tool gets integrated into critical workflows.I’ve seen this pattern play out repeatedly across organizations—what starts as a controlled vendor decision quietly turns into a critical dependency. A vendor is introduced for a narrow use case—limited scope, controlle...