Proof over promises: a new doctrine for cybersecurity
https://www.techradar.com/pro/proof-over-promises-a-new-doctrine-for-cybersecurity
Publish Date: 2026-03-14 10:00:00
Source Domain: www.techradar.com
For years, third-party cybersecurity relationships between vendors and customers have relied on contracts and trust. That model is now showing its age. In the past year alone, 51% of UK organizations have reported a third party-related breach, while vendors have become ideal attack vectors for hostile actors.
Sam Kirkman
Director of EMEA Services at NetSPI.
Trust-based compliance to evidence-based security
Trust-based compliance, which once worked for security vendors, has now become the bare minimum, as well as an outdated approach for modern cyber strategy and data protection.
Contracts and written assurances do little to protect organizations in practice, and too often, customers are left with limited insight into the real security posture of their vendors.
In the past few years, we have seen documentation, questionnaires and copious amounts of certifications come to overshadow demonstrable robustness. The emphasis has shifted towards ticking boxes, rather than proving strength.
Instead, we need to move from telling to showing; proof over promise.
An evidence-based model of security requires that vendors actively demonstrate that their security approach is robust, measurable, and effective. Compliance does not equal resilience in today’s threat landscape; only a consistent and proactive approach will do.
Structural blindness
Of course, most vendors are not deliberately hiding vulnerabilities from customers. The issues are latency and visibility. Point…