Why Cybersecurity Can No Longer Be Treated as an IT Problem

Secure Horizons' Sarah Armstrong-Smith on Building Collective Resilience Anna Delaney (annamadeline) • March 12, 2026

Identity has overtaken endpoints as the primary attack vector, driving threat actors to focus on gaining and maintaining initial access to organizations. Enterprises must adopt an assumed-compromise mindset and plan for the likelihood that identities themselves will eventually be compromised, said Sarah Armstrong Smith, executive director at Secure Horizons.

See Also: Why HSMs Are Critical to Digital Asset Security

Organizations often understand cybersecurity principles but still approach them primarily from an IT perspective, even though cybersecurity should be treated as an enterprisewide risk rather than just an IT issue, Armstrong-Smith said.

"When we look at the collective resilience, we need to look cross sector, cross industry and say as a whole, from a society perspective, 'How resilient are we to some of the cyberthreats that we're seeing and how those threats are going to continue ...