Doing More With Less in Cyber Four shifts redefining security leadership under budget pressure

Berin Lautenbach joined us to unpack a turning point for cyber leadership. After years where security could often justify incremental spend, budget scrutiny has reached the function. Boards are asking for value, IT teams are being asked to consolidate, and security leaders are trying to retain visibility and response capacity as technology estates move further into cloud and SaaS platforms.

The message is not that cyber should simply spend less. It is that resilience now depends on sharper choices: preserve hygiene, reduce complexity intelligently, automate repetitive response work, and get ahead of a more prescriptive regulatory environment.

Executive overview

This frames the practical takeaway: cyber leaders must simplify the environment without creating blind spots, protect the basic controls that prevent common attacks, and use automation to lift people into higher-value work.

Consolidation helps security - until visibility starts to disappear

Simplifying the estate generally reduces complexity, which is good for cyber. The risk appears when more workloads move into major SaaS and cloud platforms and teams keep monitoring the network as if nothing changed.

The visibility problem becomes sharper as organisations consolidate into major SaaS and cloud platforms. Security teams may still have a SIEM, a SOC and people watching the network, but the activity that matters increasingly happens inside platforms where their historical controls and skills do not reach as cleanly.

Leadership implication: simplification is still valuable, but visibility has to move with the architecture. The team needs platform-specific telemetry and skills, not only more centralised monitoring.

Protect the basics.
Automate the repeatable.

Under budget pressure, the easiest cuts often land in the wrong place. Patching, provisioning, deprovisioning and privileged access control are the disciplines most likely to prevent common attacks. At the same time, automation is changing how cyber teams operate.

Lautenbach was direct that the most damaging cuts are often not in specialist security tools, but in the unglamorous IT foundations that stop simple compromise: patching, deprovisioning, privileged access management and keeping systems current.

The strategic shift is clear: the security team cannot simply watch more data. It has to engineer a response system that handles repeatable events and reserves human judgment for the work that genuinely requires it.

‍

Detection is fragmenting.
Regulation is hardening.

Traditional SIEM-first models are under pressure. New specialised tools are improving visibility across SaaS platforms, while automated response is becoming increasingly practical. At the same time, governments are moving toward more prescriptive cyber requirements.

The final signal is regulatory. Lautenbach noted that Australian critical infrastructure policy is moving from a mode where organisations are expected to manage risk into a more directive model. That matters because regulation carries cost into the IT environment and may travel through supplier ecosystems.

Closing insight

Cyber resilience under constraint is now a leadership discipline. The organisations that win will not be the ones with the largest tool estates; they will be the ones that know where visibility is thinning, which hygiene processes cannot be touched, where automation can absorb response load, and how quickly regulatory obligations may move through the supply chain.