Experience has taught us that the vast majority of data breaches were not the result of failures in technology, but of poor decision-making by the people responsible for the victim organisation's security programme.
In essence, we've been fighting the wrong battle.
Here is a battle plan they can follow to change the course they find themselves on.
Organisations should expect tremendous resistance at this stage of the process, where organisational leadership will face the question, 'Which is more important: your ego or the success of your organisation?'
Let other people make bad decisions and be happy to learn from them:
So many breaches are available for analysis that there is no reason why the cybersecurity industry should not have volumes of post-incident review documentation to learn from.
Instead, preventing breaches requires changing behaviour and reducing the number of opportunities for people to make mistakes.