The year that speed changed cybersecurity
In the realm of cybersecurity, last year delivered a stark lesson: victory doesn’t automatically go to those with the fanciest tools or the biggest teams. Instead, it’s about lightning-fast reactions that outpace the adversary.
Consider 2025 a pivotal year, not because of groundbreaking zero-day exploits or defensive failures, but because of a fundamental shift: the need for unparalleled speed.
It wasn’t that attackers suddenly became masterminds, or that defenders forgot their skills. The game changed due to the sheer velocity of attacks. Infiltration, lateral movement, and data theft now unfold at machine speed, leaving behind human response protocols designed for a slower age.
Organizations have diligently invested in precise detection and robust recovery. However, in today’s landscape, triumph belongs to those who can respond with incredible swiftness, making critical decisions amidst incomplete information before an attacker can fully execute their plan.
The new attack tempo
Early last year, a major logistics provider in the Asia-Pacific region encountered what seemed like routine credential theft. Within a single hour, the attacker had swiftly navigated through subsidiaries spanning three countries, initiating the exfiltration of sensitive shipment data using automated tools and pre-existing attack strategies.
In another instance, a financial services firm located in Sydney faced a ransomware attack that encrypted crucial systems in under 90 minutes from the initial breach. Their Endpoint Detection and Response (EDR) system issued an alert within minutes, but the organization’s response protocol required executive authorization for significant isolation measures. By the time the approval was granted, the attack had already spread extensively.
These examples aren’t flukes; they represent the new normal. As 2025 demonstrated, reaction time, rather than gaps in detection, has emerged as the primary vulnerability.
When certainty became a liability
Traditionally, cybersecurity has prioritized certainty: verify before isolating, confirm before containing. This cautious approach stemmed from years of established risk management practices. However, 2025 highlighted the grave dangers of clinging to this approach when speed is paramount.
Enterprises that insisted on absolute confirmation before taking containment measures often discovered the truth too late. By the time an incident was “proven,” data had already been compromised – copied, encrypted, or destroyed – severely limiting recovery options and driving up costs.
Conversely, the most successful enterprises weren’t reckless; they were prepared. Take, for example, a major healthcare network in New Zealand that effectively contained a stealthy, persistent threat last July, thanks to a pre-approved “isolate first” strategy. Their security operations centre (SOC) possessed the authority to initiate segmented network lockdowns the moment their correlation engine detected simultaneous credential anomalies across critical systems.
They chose action over absolute certainty, understanding that inaction carried a greater risk. Subsequent analysis revealed that some of the triggering activity was harmless, but leadership agreed that the temporary disruption was a small price to pay compared to the potential damage of a successful breach. The new equation for resilience: a small error is far less costly than hesitation.
The decision velocity gap
While 2024 focused on upgrading security tools, 2025 revealed a more subtle deficiency: not in technology itself, but in how decisions are made.
Today’s security teams can detect threats faster than ever before. Machine-learning-based detection, cross-layer correlation, and anomaly scoring have drastically reduced identification times, to mere minutes. However, organizational latency – the time between alert and authorization – remains sluggish, often measured in hours or even days.
This disparity has become a significant vulnerability. Attackers operate without bureaucratic hurdles like board approvals, compliance committees, or external auditors. They can act in seconds, while defenders are bound by governance structures designed for caution, not speed.
As many CISOs across Australia and New Zealand (ANZ) are realizing, the traditional defensive strategy still assumes time is on their side. Yet, in an increasing number of breaches, the attacker completes their mission before the defender even gets started.
To bridge this decision-making gap, organizations must identify their Minimum Viable Business (MVB) – the most basic form of the business that can still operate and serve customers when systems are compromised.
Instead of attempting to restore everything simultaneously, this approach prioritizes the services essential for revenue generation and regulatory compliance. It focuses on the core set of applications and data that support these services, and the infrastructure needed to keep them running safely, even under compromised conditions.
In a world where attacks unfold in minutes but forensic investigations take days, understanding your MVB can be the critical difference between business continuity and a complete collapse.
Speed redefined cybersecurity last year. In 2026, the organizations that understand their MVB – and can restore it rapidly – will be the ones that survive and thrive.








